MySQL has the privilege escalation and security restriction bypass vulnerability. Affected system: MySQLABMySQL description: MySQL is a widely used open-source relational database system with running versions on various platforms. On MySQL, access to the affected system:
MySQL AB MySQL <= 5.1.10
Description:
MySQL is a widely used open-source relational database system with running versions on various platforms.
In MySQL, users with access permission but no creation permission can create a new database that is only named and case-insensitive to the accessed database. Successful exploitation of this vulnerability requires that the file system running MySQL support case-sensitive file names.
In addition, because the suid routine parameters are calculated in the wrong security environment, attackers can execute arbitrary DML statements with the permissions of the routine definer through stored routines. Successful attacks require you to have the EXECUTE permission on the stored routines.
Vendor patch:
MySQL AB
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://lists.mysql.com/commits/5927
Http://lists.mysql.com/commits/9122
(T114)
MySQL AB MySQL description: MySQL is a widely used open-source relational database system with running versions on various platforms. On MySQL, you have access...