Your submission was sent successfully! Close

CVE-2010-1621

Published: 14 May 2010

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Priority

Low

Status

Package Release Status
mysql-5.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Not vulnerable
(5.1.47-1ubuntu1)
upstream Needs triage

mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

lucid Does not exist

maverick Does not exist

upstream Not vulnerable

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

jaunty Ignored
(reached end-of-life)
karmic
Released (5.1.37-1ubuntu5.4)
lucid
Released (5.1.41-3ubuntu12.3)
maverick Does not exist

upstream
Released (5.1.46)
Patches:
upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1-bugteam/revision/3351.1.45