Debian Security Advisory 707-1. Multiple issues with MySQL, including: incorrect privilege handling (users get illegitimate access to databases named similarly to those they have legitimate access to), arbitrary command execution for any user that has been granted INSERT and DELETE rights, and race conditions due to predictable tempfile naming schemes.
8f5c94fb7332fb046cb8ba8ed05f37326977d9787fac3593b9bd7b35da35d0f1Gentoo Linux Security Advisory GLSA 200503-19 - MySQL fails to properly validate input for authenticated users with INSERT and DELETE privileges (CVE-2005-0709 and CVE-2005-0710). Furthermore MySQL uses predictable filenames when creating temporary files with CREATE TEMPORARY TABLE (CVE-2005-0711). Versions less than 4.0.24 are affected.
9fdd9adc34b34aa3eaa594e282bd793239e7888d2077710cea1519c1c786ec25
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed