MySQL has the following vulnerabilities:
MySQL AB MySQL <= 5.1.10
Description:
MySQL is a widely used open-source relational database system with running versions on various platforms.
In MySQL, users with access permission but no creation permission can create a new database that is only named and case-insensitive to the accessed database. Successful exploitation of this vulnerability requires running
MySQL file system supports case-sensitive file names.
In addition, because the suid routine parameters are calculated in the wrong security environment, attackers can execute arbitrary DML statements with the permissions of the routine definer through stored routines. Successful attacks require users
EXECUTE permission on the stored routine.
Vendor patch:
MySQL AB
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://lists.mysql.com/commits/5927
Http://lists.mysql.com/commits/9122