CVE-2010-1621

Publication date 14 May 2010

Last updated 24 July 2024


Ubuntu priority

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Read the notes from the security team

Status

Package Ubuntu Release Status
mysql-5.1 10.10 maverick
Not affected
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release
mysql-dfsg-5.0 10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.04 LTS hardy
Not affected
6.06 LTS dapper
Not affected
mysql-dfsg-5.1 10.10 maverick Not in release
10.04 LTS lucid
Fixed 5.1.41-3ubuntu12.3
9.10 karmic
Fixed 5.1.37-1ubuntu5.4
9.04 jaunty Ignored end of life
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release

Notes


mdeslaur

doesn't apply to 5.0.x

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
mysql-dfsg-5.1

References

Related Ubuntu Security Notices (USN)

Other references