CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 28.0%
CentOS Errata and Security Advisory CESA-2005:685

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries.

An insecure temporary file handling bug was found in the mysql_install_db
script. It is possible for a local user to create specially crafted files
in /tmp which could allow them to execute arbitrary SQL commands during
database installation. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1636 to this issue.

These packages update mysql to version 4.1.12, fixing a number of problems.
Also, support for SSL-encrypted connections to the database server is now
provided.

All users of mysql are advised to upgrade to these updated packages.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-October/074404.html
https://lists.centos.org/pipermail/centos-announce/2005-October/074416.html
Affected packages:
mysql
mysql-bench
mysql-devel
mysql-server
Upstream details at:
https://access.redhat.com/errata/RHSA-2005:685
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | mysql | < 4.1.12-3.RHEL4.1 | mysql-4.1.12-3.RHEL4.1.ia64.rpm |
CentOS | 4 | ia64 | mysql-bench | < 4.1.12-3.RHEL4.1 | mysql-bench-4.1.12-3.RHEL4.1.ia64.rpm |
CentOS | 4 | ia64 | mysql-devel | < 4.1.12-3.RHEL4.1 | mysql-devel-4.1.12-3.RHEL4.1.ia64.rpm |
CentOS | 4 | ia64 | mysql-server | < 4.1.12-3.RHEL4.1 | mysql-server-4.1.12-3.RHEL4.1.ia64.rpm |
CentOS | 4 | s390 | mysql | < 4.1.12-3.RHEL4.1 | mysql-4.1.12-3.RHEL4.1.s390.rpm |
CentOS | 4 | s390 | mysql-bench | < 4.1.12-3.RHEL4.1 | mysql-bench-4.1.12-3.RHEL4.1.s390.rpm |
CentOS | 4 | s390 | mysql-devel | < 4.1.12-3.RHEL4.1 | mysql-devel-4.1.12-3.RHEL4.1.s390.rpm |
CentOS | 4 | s390 | mysql-server | < 4.1.12-3.RHEL4.1 | mysql-server-4.1.12-3.RHEL4.1.s390.rpm |
CentOS | 4 | s390x | mysql | < 4.1.12-3.RHEL4.1 | mysql-4.1.12-3.RHEL4.1.s390x.rpm |
CentOS | 4 | s390x | mysql-bench | < 4.1.12-3.RHEL4.1 | mysql-bench-4.1.12-3.RHEL4.1.s390x.rpm |