CVE-2005-1636

Published: 17 May 2005

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.

Priority

Status

Package	Release	Status
mysql-dfsg Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	edgy	Not vulnerable
	feisty	Does not exist
	upstream	Needs triage

References

https://www.cve.org/CVERecord?id=CVE-2005-1636
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.