4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.7%
SecurityFocus reports:
MySQL is reported prone to an insecure temporary file creation
vulnerability.
Reports indicate that an attacker that has ‘CREATE TEMPORARY TABLE’
privileges on an affected installation may leverage this
vulnerability to corrupt files with the privileges of the MySQL
process.
MySQL is reported prone to an input validation vulnerability that
can be exploited by remote users that have INSERT and DELETE
privileges on the ‘mysql’ administrative database.
Reports indicate that this issue may be leveraged to load an
execute a malicious library in the context of the MySQL process.
Finally, MySQL is reported prone to a remote arbitrary code
execution vulnerability. It is reported that the vulnerability may
be triggered by employing the ‘CREATE FUNCTION’ statement to
manipulate functions in order to control sensitive data
structures.
This issue may be exploited to execute arbitrary code in the
context of the database process.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | mysql-server | = 4.0.0 | UNKNOWN |
FreeBSD | any | noarch | mysql-server | < 4.0.24 | UNKNOWN |