4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.97 High
EPSS
Percentile
99.7%
MySQL is a multi-user, multi-threaded SQL database server.
This update fixes several security risks in the MySQL server.
Stefano Di Paola discovered two bugs in the way MySQL handles user-defined
functions. A user with the ability to create and execute a user defined
function could potentially execute arbitrary code on the MySQL server. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2005-0709 and CAN-2005-0710 to these issues.
Stefano Di Paola also discovered a bug in the way MySQL creates temporary
tables. A local user could create a specially crafted symlink which could
result in the MySQL server overwriting a file which it has write access to.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-0711 to this issue.
All users of the MySQL server are advised to upgrade to these updated
packages, which contain fixes for these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | x86_64 | mysql-server | < 3.23.58-16.RHEL3.1 | mysql-server-3.23.58-16.RHEL3.1.x86_64.rpm |