diff options
| author | ale <ale@FreeBSD.org> | 2005-03-14 23:16:35 +0800 |
|---|---|---|
| committer | ale <ale@FreeBSD.org> | 2005-03-14 23:16:35 +0800 |
| commit | 0a7c08416f0cff75a8f4ad31d667ad920da0fa40 (patch) | |
| tree | a766c2fa5fcca65d478f1d83338e701d7e44ff13 /security | |
| parent | 741e3d942c0d5415a66785850df2a88008e2c1a4 (diff) | |
| download | freebsd-ports-gnome-0a7c08416f0cff75a8f4ad31d667ad920da0fa40.tar.gz freebsd-ports-gnome-0a7c08416f0cff75a8f4ad31d667ad920da0fa40.tar.zst freebsd-ports-gnome-0a7c08416f0cff75a8f4ad31d667ad920da0fa40.zip | |
Document multiple mysql remote vulnerabilities.
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 5e178a778821..443425715cb7 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,49 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="619ef337-949a-11d9-b813-00d05964249f"> + <topic>mysql-server -- multiple remote vulnerabilities</topic> + <affects> + <package> + <name>mysql-server</name> + <range><ge>4.0.0</ge><lt>4.0.24</lt></range> + <range><ge>4.1.0</ge><lt>4.1.10a</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/12781/discussion/"> + <p>MySQL is reported prone to an insecure temporary file creation + vulnerability.</p> + <p>Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' + privileges on an affected installation may leverage this + vulnerability to corrupt files with the privileges of the MySQL + process.</p> + <p>MySQL is reported prone to an input validation vulnerability that + can be exploited by remote users that have INSERT and DELETE + privileges on the 'mysql' administrative database.</p> + <p>Reports indicate that this issue may be leveraged to load an + execute a malicious library in the context of the MySQL process.</p> + <p>Finally, MySQL is reported prone to a remote arbitrary code + execution vulnerability. It is reported that the vulnerability may + be triggered by employing the 'CREATE FUNCTION' statement to + manipulate functions in order to control sensitive data + structures.</p> + <p>This issue may be exploited to execute arbitrary code in the + context of the database process.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.securityfocus.com/bid/12781/discussion/</url> + </references> + <dates> + <discovery>2005-03-11</discovery> + <entry>2005-03-14</entry> + </dates> + </vuln> + <vuln vid="d4bd4046-93a6-11d9-8378-000bdb1444a4"> <topic>rxvt-unicode -- buffer overflow vulnerability</topic> <affects> |