oss-sec mailing list archives
MySQL executable comment execution on MySQL slave server (from 2009)
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 18 Oct 2011 13:13:55 -0600
This is an old one that slipped through in 2009: The executable comment capability in MySQL before 5.1.50 and 5.0.93 can be used to execute arbitrary SQL commands as a privileged user. This occurs on MySQL servers configured as slaves in a MySQL replication environment where the slave server is running a newer version of MySQL than the server. The attacker would need the ability to add custom comments to a database on the MySQL server. http://bugs.mysql.com/bug.php?id=49124 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html -- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- MySQL executable comment execution on MySQL slave server (from 2009) Kurt Seifried (Oct 18)
- Re: MySQL executable comment execution on MySQL slave server (from 2009) Josh Bressers (Oct 18)