Yes, if some other program (GUI, server-side scripts, etc.)
uses user-supplied data as input to the mysqld_multi command in vulnerable
operations, it will be a security issue.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-5.1
[Expired for mysql-5.1 (Ubuntu) because there has been no activity for
60 days.]
** Changed in: mysql-5.1 (Ubuntu)
Status: Incomplete => Expired
--
While this should get fixed, I don't really see a security issue here,
unless an attacker can somehow control the parameters that mysqld_multi
uses without them getting specified by the user on the command line.
--
Thanks for your input, Marc. Based on this, I'm dropping the priority and
marking incomplete pending further information.
@Emanuel, please can you provide further information on how this might
cause an issue?
Thanks.
** Changed in: mysql-5.1 (Ubuntu)
Status: New => Incomplete
** Changed
** Tags added: server
--
https://bugs.launchpad.net/bugs/782298
Title:
command injections in mysqld_multi
** This bug has been flagged as a security vulnerability
--
** Changed in: mysql-5.1 (Ubuntu)
Importance: Undecided => High
** Tags added: security