At least two public exploits are circulating for a trio of vulnerabilities in the open-source MySQL database engine, security experts warned on Friday.
According to alerts released on security mailing lists, the most serious flaw can be exploited by malicious users to compromise a vulnerable system. In some cases, malicious local users could also perform certain actions on a vulnerable system with escalated privileges.
The bugs affect MySQL versions 4.0.23 and 4.1.10, and prior releases.
MySQL AB, the Swedish company that produces and manages the freely available database, has addressed the flaws in MySQL versions 4.0.24 and 4.1.10a.
Security information aggregator Secunia recommends that customers apply the appropriate patches immediately or limit the privileges granted to untrusted users.
Limiting privileges would protect against an input validation error in the “udf_init()” function, which fails to properly sanitize the “dl” field of the “mysql.func” table before using it to load libraries, according to Secunia.
This could allow a malicious attacker to manipulate the “mysql” administrative database directly via an “Insert into” statement instead of using “Create function.”
According to the advisory, successful exploitation allows loading a malicious library from an arbitrary location, but it requires “Insert” and “Delete” permissions on the “mysql” administrative database.
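An audit for the privilege-limiting mitigation described above, as an added example that is not part of the original article or of MySQL's own code. It assumes the rows were fetched with plain SELECTs from the mysql.user, mysql.db and mysql.func tables; the sample rows are constructed, and treating a directory component in “dl” as suspicious is a heuristic chosen here, not a rule taken from the advisory.

```python
import re

def db_pattern_matches(pattern, name="mysql"):
    """mysql.db.Db is a LIKE-style pattern: % is any run, _ is one char, backslash escapes."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            i += 1
            out.append(re.escape(pattern[i]))   # escaped wildcard is a literal
        elif c == "%":
            out.append(".*")
        elif c == "_":
            out.append(".")
        else:
            out.append(re.escape(c))
        i += 1
    # Case-insensitive on purpose: over-reporting is the safer error for an audit.
    return re.fullmatch("".join(out), name, re.IGNORECASE) is not None

def risky_accounts(user_rows, db_rows):
    """Accounts holding both Insert and Delete on the mysql database."""
    both = lambda r: r["Insert_priv"] == "Y" and r["Delete_priv"] == "Y"
    found = {(r["User"], r["Host"], "global") for r in user_rows if both(r)}
    found |= {(r["User"], r["Host"], "db:" + r["Db"]) for r in db_rows
              if both(r) and db_pattern_matches(r["Db"])}
    return sorted(found)

def suspicious_udfs(func_rows):
    """Names of mysql.func rows whose dl value carries a directory component."""
    return [r["name"] for r in func_rows if re.search(r"[/\\]", r["dl"])]

# Constructed sample rows (not taken from any real server).
USER_ROWS = [
    {"User": "root", "Host": "localhost", "Insert_priv": "Y", "Delete_priv": "Y"},
    {"User": "report", "Host": "%", "Insert_priv": "Y", "Delete_priv": "N"},
]
DB_ROWS = [
    {"User": "webapp", "Host": "%", "Db": "my%", "Insert_priv": "Y", "Delete_priv": "Y"},
    {"User": "webapp", "Host": "%", "Db": "shop\\_data", "Insert_priv": "Y", "Delete_priv": "Y"},
    {"User": "batch", "Host": "10.0.0.%", "Db": "mysq_", "Insert_priv": "Y", "Delete_priv": "Y"},
]
FUNC_ROWS = [{"name": "metaphon", "dl": "udf_example.so"},
             {"name": "helper", "dl": "/tmp/helper.so"}]

if __name__ == "__main__":
    print(risky_accounts(USER_ROWS, DB_ROWS))
    print(suspicious_udfs(FUNC_ROWS))
```

The wildcard handling matters because a database-level grant on a pattern such as “my%” also covers the “mysql” administrative database, which a literal comparison against the name would miss.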
A separate vulnerability is caused because temporary files are created insecurely with the “Create temporary table” command. The company warned that this can be exploited via symlink attacks to overwrite arbitrary files with the privileges of MySQL.