Mandrake Linux Security Advisory : MySQL (MDKSA-2003:094)
High Nessus Plugin ID 14076
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA buffer overflow was discovered in MySQL that could be executed by any user with 'ALTER TABLE' privileges on the 'mysql' database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The 'mysql' database is used by MySQL for internal record keeping and by default only the 'root' user, or MySQL administrative account, has permission to alter its tables.
This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem.
SolutionUpdate the affected packages.