Package name
MySQL
Date
2005-03-21
Advisory ID
MDKSA-2005:060
Affected versions
CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

A number of vulnerabilities were discovered by Stefano Di Paola in the MySQL server: If an authenticated user had INSERT privileges on the 'mysql' database, the CREATE FUNCTION command allowed that user to use libc functions to execute arbitrary code with the privileges of the user running the database server (mysql) (CAN-2005-0709). If an authenticated user had INSERT privileges on the 'mysql' database, it was possible to load a library located in an arbitrary directory by using INSERT INTO mysql.func instead of CREATE FUNCTION. This also would allow the user to execute arbitrary code with the privileges of the user running the database server (CAN-2005-0710). Finally, temporary files belonging to tables created with CREATE TEMPORARY TABLE were handled in an insecure manner, allowing any local user to overwrite arbitrary files with the privileges of the database server (CAN-2005-0711). The updated packages have been patched to correct these issues.

Updated packages

CS2.1 x86_64

 179bb081fc42e1605aee0e0cd4302479  x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.8.C21mdk.x86_64.rpm
0aff7099f82a97b088a42998c8a2be79  x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.8.C21mdk.x86_64.rpm
3c5266fa6cd2bc2ea601b400d7affd27  x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.8.C21mdk.x86_64.rpm
e50a52624efac2ab7f2ee79a56093a9b  x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.8.C21mdk.x86_64.rpm
c7d5c09665aa3ba0f93de29b2a825b0f  x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.8.C21mdk.x86_64.rpm
4c885f301ed4fa22954a24e86f96e11b  x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.8.C21mdk.x86_64.rpm
6e07c7ea6e92b0b0828814648234c9b3  x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.8.C21mdk.src.rpm

10.0 amd64

 0ab0bb4f82c8dc3d6194bd6d01136948  amd64/10.0/RPMS/lib64mysql12-4.0.18-1.4.100mdk.amd64.rpm
283f25dfa37b406ac76c724f7d45dfe7  amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.4.100mdk.amd64.rpm
6e796a5b00ee1b450aefe434ccadf437  amd64/10.0/RPMS/MySQL-4.0.18-1.4.100mdk.amd64.rpm
bcd3e0ffdd1402ff54a63cc7386a36be  amd64/10.0/RPMS/MySQL-Max-4.0.18-1.4.100mdk.amd64.rpm
46b367fcf652e07fccd09d76738a8662  amd64/10.0/RPMS/MySQL-bench-4.0.18-1.4.100mdk.amd64.rpm
76ea0bbb46e2f7af835498759cd991cb  amd64/10.0/RPMS/MySQL-client-4.0.18-1.4.100mdk.amd64.rpm
db3725e14b8dfd0bd99e0f5ebc645303  amd64/10.0/RPMS/MySQL-common-4.0.18-1.4.100mdk.amd64.rpm
7f206e82f4858c1f5d26e3f45f317320  amd64/10.0/SRPMS/MySQL-4.0.18-1.4.100mdk.src.rpm

10.1 i586

 c3c557a06d519f6f8e91ba43a9f3d404  10.1/RPMS/libmysql12-4.0.20-3.3.101mdk.i586.rpm
0ada09ca0942df3ac24b54e77d4f1ab7  10.1/RPMS/libmysql12-devel-4.0.20-3.3.101mdk.i586.rpm
051ba4877ed955d2ba10dfa689d4b380  10.1/RPMS/MySQL-4.0.20-3.3.101mdk.i586.rpm
ec4c10ff52536c9aba73207d4090878a  10.1/RPMS/MySQL-Max-4.0.20-3.3.101mdk.i586.rpm
8a0df2fc5431d0bea357ff35f99aec64  10.1/RPMS/MySQL-bench-4.0.20-3.3.101mdk.i586.rpm
bc0478faf5d4f1c453b3a67143685c82  10.1/RPMS/MySQL-client-4.0.20-3.3.101mdk.i586.rpm
3f87f6fa53b47ab287714df3a7b569cf  10.1/RPMS/MySQL-common-4.0.20-3.3.101mdk.i586.rpm
5eef9940c3b0f16bbe47ef5cf2d87335  10.1/SRPMS/MySQL-4.0.20-3.3.101mdk.src.rpm

10.0 i586

 a63c4a586c5ce21eefc68121b8bfcbb7  10.0/RPMS/libmysql12-4.0.18-1.4.100mdk.i586.rpm
91deea11427c50779b5435a952efc7e3  10.0/RPMS/libmysql12-devel-4.0.18-1.4.100mdk.i586.rpm
4150e294ce81935ee7e8844537867f89  10.0/RPMS/MySQL-4.0.18-1.4.100mdk.i586.rpm
1d7343e4ef5363066387fb4249ddf22a  10.0/RPMS/MySQL-Max-4.0.18-1.4.100mdk.i586.rpm
1b96455b734d9f896391041c6a1014d9  10.0/RPMS/MySQL-bench-4.0.18-1.4.100mdk.i586.rpm
d4e8ee5ce5608ad9c81905ad4a9b10eb  10.0/RPMS/MySQL-client-4.0.18-1.4.100mdk.i586.rpm
d83c85b5417d2c0e96002aa1d162bf35  10.0/RPMS/MySQL-common-4.0.18-1.4.100mdk.i586.rpm
7f206e82f4858c1f5d26e3f45f317320  10.0/SRPMS/MySQL-4.0.18-1.4.100mdk.src.rpm

CS3.0 x86_64

 64283c6daaaf50e766d98b4fa9281a3d  x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.4.C30mdk.x86_64.rpm
fcf3a8d2142dc35d83ee537a03b2b69d  x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.4.C30mdk.x86_64.rpm
16984a3255ce4b7934b8b479f2a3d744  x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.4.C30mdk.x86_64.rpm
f3d128d91d0db42234a0799c17529ef0  x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.4.C30mdk.x86_64.rpm
34ef63c34906f4bb69d2c5a2048ead58  x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.4.C30mdk.x86_64.rpm
abeb243d806f4d6026314e0c6323aa27  x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.4.C30mdk.x86_64.rpm
6fe8cd9e5b1d3b784267dcf3b6155438  x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.4.C30mdk.x86_64.rpm
85f2566dec3dfaea49f5c7220030d13d  x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.4.C30mdk.src.rpm

CS3.0 i586

 c7b137fde3b84b2135cdb1b1c4b3669c  corporate/3.0/RPMS/libmysql12-4.0.18-1.4.C30mdk.i586.rpm
9a1220153597986dcea93655e616985c  corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.4.C30mdk.i586.rpm
c94748b75420afebba61f3889179ed27  corporate/3.0/RPMS/MySQL-4.0.18-1.4.C30mdk.i586.rpm
4230df255b7e26fdc5352fef47a652dd  corporate/3.0/RPMS/MySQL-Max-4.0.18-1.4.C30mdk.i586.rpm
f341a2cdbe037f03f1589dd03c32b122  corporate/3.0/RPMS/MySQL-bench-4.0.18-1.4.C30mdk.i586.rpm
23706070a88e7705d65656fb75a38bac  corporate/3.0/RPMS/MySQL-client-4.0.18-1.4.C30mdk.i586.rpm
8445d01b3058a678b31d4e4f62f0500f  corporate/3.0/RPMS/MySQL-common-4.0.18-1.4.C30mdk.i586.rpm
85f2566dec3dfaea49f5c7220030d13d  corporate/3.0/SRPMS/MySQL-4.0.18-1.4.C30mdk.src.rpm

CS2.1 i586

 0bc49a4120e6f7218204420787eb2f67  corporate/2.1/RPMS/libmysql10-3.23.56-1.8.C21mdk.i586.rpm
7bb7b42e1872b2e4087f2e9818d3c309  corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.8.C21mdk.i586.rpm
23470127e8aa4d0f17d4d4112dbcedfd  corporate/2.1/RPMS/MySQL-3.23.56-1.8.C21mdk.i586.rpm
19c2791af702f6642073c545c7e0849b  corporate/2.1/RPMS/MySQL-Max-3.23.56-1.8.C21mdk.i586.rpm
8096eb5a826ff1789285a7604ce39d30  corporate/2.1/RPMS/MySQL-bench-3.23.56-1.8.C21mdk.i586.rpm
f1276798252c0f5376c263b0e0e18b89  corporate/2.1/RPMS/MySQL-client-3.23.56-1.8.C21mdk.i586.rpm
6e07c7ea6e92b0b0828814648234c9b3  corporate/2.1/SRPMS/MySQL-3.23.56-1.8.C21mdk.src.rpm

10.1 x86_64

 7782ecace6685d4070d50983e4b68a26  x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.3.101mdk.x86_64.rpm
23c36f372c0eafad5304fe8a5a91340c  x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.3.101mdk.x86_64.rpm
d1d378de68e919c70125a26f598bbc9d  x86_64/10.1/RPMS/MySQL-4.0.20-3.3.101mdk.x86_64.rpm
bef40ae1d0b3d7d2fd02e23675890bf3  x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.3.101mdk.x86_64.rpm
33888c8872f94005b83c46ee7a4c0e9e  x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.3.101mdk.x86_64.rpm
c1d72a2398a4fca7d60efe7f717ddb91  x86_64/10.1/RPMS/MySQL-client-4.0.20-3.3.101mdk.x86_64.rpm
3a8bcfea1e9106510c69c93875cedad3  x86_64/10.1/RPMS/MySQL-common-4.0.20-3.3.101mdk.x86_64.rpm
5eef9940c3b0f16bbe47ef5cf2d87335  x86_64/10.1/SRPMS/MySQL-4.0.20-3.3.101mdk.src.rpm

References