FreeBSD : mysql-server -- insecure temporary file creation (eeae6cce-d05c-11d9-9aed-000e0c2e438a)
Medium Nessus Plugin ID 19160
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionA Zataz advisory reports that MySQL contains a security flaw which could allow a malicious local user to inject arbitrary SQL commands during the initial database creation process.
The problem lies in the mysql_install_db script which creates temporary files based on the PID used by the script.
SolutionUpdate the affected packages.