mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the files contents.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mysql | Mysql | 5.0.1 (including) | 5.0.1 (including) |
| Mysql | Mysql | 5.0.2 (including) | 5.0.2 (including) |
| Mysql | Mysql | 5.0.3 (including) | 5.0.3 (including) |
| Mysql | Mysql | 5.0.4 (including) | 5.0.4 (including) |
| Mysql | Oracle | 4.0.0 (including) | 4.0.0 (including) |
| Mysql | Oracle | 4.0.1 (including) | 4.0.1 (including) |
| Mysql | Oracle | 4.0.2 (including) | 4.0.2 (including) |
| Mysql | Oracle | 4.0.3 (including) | 4.0.3 (including) |
| Mysql | Oracle | 4.0.4 (including) | 4.0.4 (including) |
| Mysql | Oracle | 4.0.5 (including) | 4.0.5 (including) |
| Mysql | Oracle | 4.0.5a (including) | 4.0.5a (including) |
| Mysql | Oracle | 4.0.6 (including) | 4.0.6 (including) |
| Mysql | Oracle | 4.0.7 (including) | 4.0.7 (including) |
| Mysql | Oracle | 4.0.7-gamma (including) | 4.0.7-gamma (including) |
| Mysql | Oracle | 4.0.8 (including) | 4.0.8 (including) |
| Mysql | Oracle | 4.0.8-gamma (including) | 4.0.8-gamma (including) |
| Mysql | Oracle | 4.0.9 (including) | 4.0.9 (including) |
| Mysql | Oracle | 4.0.9-gamma (including) | 4.0.9-gamma (including) |
| Mysql | Oracle | 4.0.10 (including) | 4.0.10 (including) |
| Mysql | Oracle | 4.0.11 (including) | 4.0.11 (including) |
| Mysql | Oracle | 4.0.11-gamma (including) | 4.0.11-gamma (including) |
| Mysql | Oracle | 5.0.0-alpha (including) | 5.0.0-alpha (including) |
| Red Hat Enterprise Linux 4 | RedHat | mysql-0:4.1.12-3.RHEL4.1 | * |