MySQL Executable Comment Vulnerability in Slave Configurations by Oracle
CVE-2009-5026

Currently unrated

Key Information:

Vendor: MySQL

CVE Published: 17 August 2012

What is CVE-2009-5026?

The executable comment feature in MySQL versions 5.0.x prior to 5.0.93 and 5.1.x prior to 5.1.50 is vulnerable when running in specific slave configurations. This occurs particularly when the MySQL slave is operating on a newer version than the master. This misconfiguration permits remote attackers to inject and execute arbitrary SQL commands through specially crafted comments, posing significant risk to database integrity and security.
