CVE-2010-1621

MEDIUM

Description

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

References

http://bugs.mysql.com/bug.php?id=51770

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:093

http://www.securityfocus.com/bid/39543

http://www.ubuntu.com/usn/USN-1397-1

Details

Source: MITRE

Published: 2010-05-14

Updated: 2018-01-05

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (11 total)

ID	Name	Product	Family	Severity
58325	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)	Nessus	Ubuntu Local Security Checks	high
57446	GLSA-201201-02 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
50016	openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1)	Nessus	SuSE Local Security Checks	medium
48182	Mandriva Linux Security Advisory : mysql (MDVSA-2010:093)	Nessus	Mandriva Local Security Checks	medium
47461	Fedora 12 : mysql-5.1.46-1.fc12 (2010-7414)	Nessus	Fedora Local Security Checks	medium
47458	Fedora 11 : mysql-5.1.46-1.fc11 (2010-7355)	Nessus	Fedora Local Security Checks	medium
47457	Fedora 13 : mysql-5.1.46-1.fc13 (2010-7350)	Nessus	Fedora Local Security Checks	medium
46855	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-950-1)	Nessus	Ubuntu Local Security Checks	medium
801159	MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities	Log Correlation Engine	Database	low
46328	MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities	Nessus	Databases	low
5547	MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium