mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the files contents.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mysql | Mysql | 5.0.3 | 5.0.3 |
Mysql | Mysql | 5.0.2 | 5.0.2 |
Mysql | Mysql | 5.0.1 | 5.0.1 |
Mysql | Mysql | 5.0.4 | 5.0.4 |
Mysql | Oracle | 4.0.0 | 4.0.0 |
Mysql | Oracle | 4.0.1 | 4.0.1 |
Mysql | Oracle | 4.0.2 | 4.0.2 |
Mysql | Oracle | 4.0.3 | 4.0.3 |
Mysql | Oracle | 4.0.4 | 4.0.4 |
Mysql | Oracle | 4.0.5 | 4.0.5 |
Mysql | Oracle | 4.0.5a | 4.0.5a |
Mysql | Oracle | 4.0.6 | 4.0.6 |
Mysql | Oracle | 4.0.7 | 4.0.7 |
Mysql | Oracle | 4.0.7 | 4.0.7 |
Mysql | Oracle | 4.0.8 | 4.0.8 |
Mysql | Oracle | 4.0.8 | 4.0.8 |
Mysql | Oracle | 4.0.9 | 4.0.9 |
Mysql | Oracle | 4.0.9 | 4.0.9 |
Mysql | Oracle | 4.0.10 | 4.0.10 |
Mysql | Oracle | 4.0.11 | 4.0.11 |
Mysql | Oracle | 4.0.11 | 4.0.11 |
Mysql | Oracle | 5.0.0 | 5.0.0 |