#########################################################

MySQL mysql_install_db data manipulation

vendor: http://www.mysql.com
advisory: http://www.zataz.net/adviso/mysql-05172005.txt
vendor informed: yes
exploit available: no

#########################################################

MySQL contains a security flaw that could allow a malicious local
attacker to inject arbitrary SQL commands during the database creation
process.

For example: a malicious local attacker could create a MySQL account
accessible from local (or everywhere) with ALL privileges on all
databases.

##########
versions:
##########

MySQL < 4.0.12
MySQL <= 5.0.4

##########
Solution:
##########

For MySQL 4.0.x, update to the new version 4.0.12.
MySQL 5.0.4 is still vulnerable.

#########
timeline:
#########

discovered      : 2005-05-07
vendor notified : 2005-05-09
vendor response : 2005-05-09
vendor fix      : 2005-05-17
disclosure      : 2005-05-17

#####################
Technical details :
#####################

tmp_file=/tmp/mysql_install_db.$$

Then, at lines 226-229:

226 echo "use mysql;" > $tmp_file
227 cat $tmp_file $fill_help_tables | eval "$mysqld_install_cmd_line"
228 res=$?
229 rm $tmp_file

#####################
Credits :
#####################

Eric Romang (eromang@zataz.net - ZATAZ)
Thanks to the Gentoo Security Team (Taviso, Sune, jaervosz, etc.).
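The quoted lines build the temporary file name from the shell's PID ($$) in the world-writable /tmp directory, so the name is predictable before the script runs. The sketch below is an added example, not code from the advisory or from MySQL: it shows two hardened ways to feed the same SQL to the bootstrap command. The function names and the "cat" stand-in consumer used for testing are hypothetical.

```shell
#!/bin/sh
# Added example: hardened alternatives to lines 226-229 of the script
# quoted in the advisory. All function names here are hypothetical.

# Variant 1: no temporary file at all. The "use mysql;" prologue and the
# help-table SQL are streamed directly into the bootstrap command.
#   $1 = help-tables SQL file, $2 = command line that reads SQL on stdin
feed_bootstrap_sql() {
    { echo "use mysql;"; cat "$1"; } | eval "$2"
}

# Variant 2: when a file is really needed, let mktemp choose an
# unpredictable name and create it exclusively; umask 077 keeps the
# file private to the invoking user.
make_private_tmp() {
    ( umask 077; mktemp "${TMPDIR:-/tmp}/mysql_install_db.XXXXXXXXXX" )
}

# Sanity check: regular file, not a symlink, mode 0600.
check_private_file() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -rw-------*) return 0 ;;
    esac
    return 1
}

feed_bootstrap_sql_tmpfile() {
    tmp_file=$(make_private_tmp) || return 1
    check_private_file "$tmp_file" || { rm -f "$tmp_file"; return 1; }
    trap 'rm -f "$tmp_file"' EXIT      # clean up if the shell exits early
    echo "use mysql;" > "$tmp_file"
    cat "$tmp_file" "$1" | eval "$2"
    res=$?
    rm -f "$tmp_file"
    trap - EXIT
    return $res
}
```

In the real script the second argument would be the existing "$mysqld_install_cmd_line" and the first "$fill_help_tables"; variant 1 is preferable because nothing is ever written where another local user can reach it.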