MySQL Insecure Temporary File Handling

MySQL handle temporary files in an unsafe way while creating new database, allowing a malicious attacker to inject arbitrary SQL commands.


Vulnerable Systems:
 * MySQL versions 4.0.11 and prior
 * MySQL versions 5.0.4 and prior


Immune Systems:
 * MySQL version 4.0.12


MySQL contain a security flaw that could allow a malicious local attacker to inject arbitrary SQL commands during database creation process.


Patch Availability:
MySQL versions 5.* is still vulnerable.


http://www.securiteam.com/unixfocus/5HP0G2KFPU.html

Leave a Reply