MySQL Insecure Temporary File Handling

MySQL handle temporary files in an unsafe way while creating new database, allowing a malicious attacker to inject arbitrary SQL commands.

Vulnerable Systems:
 * MySQL versions 4.0.11 and prior
 * MySQL versions 5.0.4 and prior

Immune Systems:
 * MySQL version 4.0.12

MySQL contain a security flaw that could allow a malicious local attacker to inject arbitrary SQL commands during database creation process.

Patch Availability:
MySQL versions 5.* is still vulnerable.

Leave a Reply