MySQL Security Update Fixes Restrictions Bypass and Library Loading Vulnerabilities

June 11, 2007

[From FrSIRT]

Two vulnerabilities have been identified in MySQL, which could be exploited by malicious users to bypass security restrictions, manipulate certain data or potentially obtain elevated privileges.

The first issue is caused by an error in the "mysql_update()" [sql/sql_update.cc] function; the second vulnerability is caused by errors in the "udf_init()" and "mysql_create_function()" [sql/sql_udf.cc] functions...

The article continues at http://www.frsirt.com/english/advisories/2007/2122