Package: mysql-server
Version: 4.0.23-3
Severity: critical
Tags: security, sarge, sid

A privilege escalation vulnerability was introduced in mysql-server 4.0.23-1.

The following file is run as root by /etc/init.d/mysql (it is sourced by /etc/mysql/debian-start):

/usr/share/mysql/debian-start.inc.sh

This file and its containing directory are owned by the "mysql" user. An attacker with access to the "mysql" account could change this file to contain arbitrary commands, which would be run as root whenever mysql-server is started (including at system boot).
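
Added example (not part of the original report or of the mysql-server package): a shell audit that lists the files a root-run script sources and flags any file, or its containing directory, that is not owned by the expected user or is group/world-writable. The function names are illustrative, and the sourced-file detection is an assumption that only matches unquoted absolute paths at the start of a line.

```shell
#!/bin/sh
# Added example: audit the files that a root-run script sources.
# Assumptions: POSIX find/sed; "owner" is a user name or numeric uid.

# Print the path if it is not owned by $2 or is group/world-writable.
# -H makes find judge the target when the named path is a symlink.
# A path that does not exist prints nothing.
unsafe_path() {
    find -H "$1" -prune \( ! -user "$2" -o -perm -020 -o -perm -002 \) \
        -print 2>/dev/null
}

# Check a file and its containing directory, the two objects the report
# names. Prints each offending path; returns 1 if any was found.
check_file() {
    file=$1 owner=${2:-root}
    bad=$(unsafe_path "$file" "$owner"
          unsafe_path "$(dirname "$file")" "$owner")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# List absolute paths pulled in with ". file" or "source file".
# Heuristic: only unquoted absolute paths at the start of a line.
sourced_files() {
    sed -n \
        -e 's|^[[:space:]]*\.[[:space:]]\{1,\}\(/[^[:space:];]*\).*|\1|p' \
        -e 's|^[[:space:]]*source[[:space:]]\{1,\}\(/[^[:space:];]*\).*|\1|p' \
        "$1"
}

# Audit a root-run script and every file it sources.
# Returns 1 if anything on the chain can be modified by a non-owner.
audit_script() {
    script=$1 owner=${2:-root} rc=0
    for f in "$script" $(sourced_files "$script"); do
        check_file "$f" "$owner" || rc=1
    done
    return $rc
}

# Stand-alone use: ./audit.sh /etc/mysql/debian-start root
if [ $# -gt 0 ]; then
    audit_script "$@"
fi
```

On a system matching the report, the audit of /etc/mysql/debian-start would print /usr/share/mysql/debian-start.inc.sh and /usr/share/mysql, since both are owned by "mysql" rather than root.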