The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mysql | Mysql | * | 5.1.45 (including) |
| Mysql-dfsg-5.1 | Ubuntu | jaunty | * |
| Mysql-dfsg-5.1 | Ubuntu | karmic | * |
| Mysql-dfsg-5.1 | Ubuntu | lucid | * |
| Mysql-dfsg-5.1 | Ubuntu | upstream | * |
References
- http://bugs.mysql.com/bug.php?id=51770
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:093
- http://www.securityfocus.com/bid/39543
- http://www.ubuntu.com/usn/USN-1397-1
- http://bugs.mysql.com/bug.php?id=51770
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:093
- http://www.securityfocus.com/bid/39543
- http://www.ubuntu.com/usn/USN-1397-1