oss-sec mailing list archives

MySQL executable comment execution on MySQL slave server (from 2009)


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 18 Oct 2011 13:13:55 -0600

This is an old one that slipped through in 2009:

The executable comment capability in MySQL before 5.1.50 and 5.0.93
can be used to execute arbitrary SQL commands as a privileged user.
This occurs on MySQL servers configured as slaves in a MySQL
replication environment where the slave server is running a newer
version of MySQL than the server. The attacker would need the ability
to add custom comments to a database on the MySQL server.

http://bugs.mysql.com/bug.php?id=49124
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html

-- 

-Kurt Seifried / Red Hat Security Response Team
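
An added detection example, not part of the original post or of MySQL: MySQL runs the body of a `/*!NNNNN ... */` comment only when the server's version is at least NNNNN, so a statement can read as a comment on an older master and as SQL on a newer slave. The sketch below flags such comments in statement text; the sample statements, the version strings and the function names are constructed for illustration.

```python
import re

# /*!NNNNN body */ : the server executes `body` only if its version id >= NNNNN.
# Simplification: the regex does not skip string literals, so a match inside a
# quoted string is a false positive worth a manual look.
VERSIONED_COMMENT = re.compile(r"/\*!(\d{5})(.*?)\*/", re.DOTALL)


def version_id(version):
    """Convert '5.1.40-log' to 50140 (major*10000 + minor*100 + release)."""
    major, minor, release = (int(p) for p in version.split("-")[0].split("."))
    return major * 10000 + minor * 100 + release


def slave_only_comments(statement, master_version, slave_version):
    """Return (threshold, body) for comments the slave executes but the master skips."""
    master, slave = version_id(master_version), version_id(slave_version)
    hits = []
    for match in VERSIONED_COMMENT.finditer(statement):
        threshold = int(match.group(1))
        if master < threshold <= slave:
            hits.append((threshold, match.group(2).strip()))
    return hits


def audit(statements, master_version, slave_version):
    """Return (index, hits) for every statement that would diverge on the slave."""
    findings = []
    for index, statement in enumerate(statements):
        hits = slave_only_comments(statement, master_version, slave_version)
        if hits:
            findings.append((index, hits))
    return findings


# Constructed sample statements, as they might appear in a statement-based log.
SAMPLE = [
    "INSERT INTO notes (id, score) VALUES (1, 10 /*!50140 + 1 */)",  # slave only
    "SELECT /*!40001 SQL_NO_CACHE */ * FROM notes",      # both servers execute
    "CREATE TABLE t (a INT) /*!50500 ENGINE=InnoDB */",  # neither executes
    "UPDATE notes SET body = 'x' /* plain comment */",   # never executed
]

if __name__ == "__main__":
    for index, hits in audit(SAMPLE, "5.0.45", "5.1.40"):
        print(f"statement {index}: slave-only executable comment(s): {hits}")
```
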

