FreeBSD : MySQL insecure temporary file creation (mysqlbug) (123)
2004-07-06T00:00:00
ID FREEBSD_MYSQL_CLIENT_4020.NASL Type nessus Reporter Tenable Modified 2011-10-03T00:00:00
Description
The following package needs to be updated: mysql-client
# @DEPRECATED@
#
# This script has been deprecated by freebsd_pkg_2e1298468fbb11d88b290020ed76ef5a.nasl.
#
# Disabled on 2011/10/02.
#
#
# (C) Tenable Network Security, Inc.
#
# This script contains information extracted from VuXML :
#
# Copyright 2003-2006 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
#
include('compat.inc');
if ( description )
{
script_id(12583);
script_version("$Revision: 1.12 $");
script_bugtraq_id(9976);
script_cve_id("CVE-2004-0381");
script_name(english:"FreeBSD : MySQL insecure temporary file creation (mysqlbug) (123)");
script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');
script_set_attribute(attribute:'description', value:'The following package needs to be updated: mysql-client');
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');
script_set_attribute(attribute: 'see_also', value: 'http://awstats.sourceforge.net/awstats_security_news.php
http://bugs.mysql.com/bug.php?id=3284
http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
http://www.mozilla.org/security/announce/2008/mfsa2008-61.html
http://www.mozilla.org/security/announce/2008/mfsa2008-62.html
http://www.mozilla.org/security/announce/2008/mfsa2008-63.html
http://www.mozilla.org/security/announce/2008/mfsa2008-64.html
http://www.samba.org/samba/whatsnew/samba-2.2.10.html
http://www.samba.org/samba/whatsnew/samba-3.0.5.html
https://bugs.kde.org/show_bug.cgi?id=103331');
script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html');
script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
script_cvs_date("$Date: 2011/10/03 00:48:25 $");
script_end_attributes();
script_summary(english:"Check for mysql-client");
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.");
family["english"] = "FreeBSD Local Security Checks";
script_family(english:family["english"]);
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/FreeBSD/pkg_info");
exit(0);
}
# Deprecated.
exit(0, "This plugin has been deprecated. Refer to plugin #37467 (freebsd_pkg_2e1298468fbb11d88b290020ed76ef5a.nasl) instead.");
global_var cvss_score;
cvss_score=2;
include('freebsd_package.inc');
pkg_test(pkg:"mysql-client>=4.0<4.0.20");
pkg_test(pkg:"mysql-client>=4.1<4.1.1_2");
pkg_test(pkg:"mysql-client>=5.0<5.0.0_2");
{"published": "2004-07-06T00:00:00", "id": "FREEBSD_MYSQL_CLIENT_4020.NASL", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "enchantments": {"score": {"value": 5.5, "vector": "NONE", "modified": "2016-09-26T17:23:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0381"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2004-034.NASL", "REDHAT-RHSA-2004-569.NASL", "MYSQL_4_0_20.NASL", "REDHAT-RHSA-2004-597.NASL", "DEBIAN_DSA-483.NASL", "GENTOO_GLSA-200405-20.NASL", "FREEBSD_PKG_2E1298468FBB11D88B290020ED76EF5A.NASL", "FEDORA_2004-530.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:6420"]}, {"type": "openvas", "idList": ["OPENVAS:52459", "OPENVAS:54580", "OPENVAS:53755"]}, {"type": "freebsd", "idList": ["2E129846-8FBB-11D8-8B29-0020ED76EF5A"]}, {"type": "gentoo", "idList": ["GLSA-200405-20"]}, {"type": "debian", "idList": ["DEBIAN:DSA-483-1:C59BC"]}, {"type": "redhat", "idList": ["RHSA-2004:597", "RHSA-2004:569"]}], "modified": "2016-09-26T17:23:23", "rev": 2}, "vulnersScore": 5.5}, "description": "The following package needs to be updated: mysql-client", "type": "nessus", "pluginID": "12583", "lastseen": "2016-09-26T17:23:23", "edition": 1, "title": "FreeBSD : MySQL insecure temporary file creation (mysqlbug) (123)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12583", "modified": "2011-10-03T00:00:00", "bulletinFamily": "scanner", "viewCount": 1, "cvelist": ["CVE-2004-0381"], "references": ["http://awstats.sourceforge.net/awstats_security_news.php", "http://www.mozilla.org/security/announce/2008/mfsa2008-61.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-60.html", "http://www.samba.org/samba/whatsnew/samba-3.0.5.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-63.html", "http://www.samba.org/samba/whatsnew/samba-2.2.10.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-64.html", "http://bugs.mysql.com/bug.php?id=3284", "http://www.mozilla.org/security/announce/2008/mfsa2008-62.html", "https://bugs.kde.org/show_bug.cgi?id=103331", "http://www.FreeBSD.org/ports/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html"], "naslFamily": "FreeBSD Local Security Checks", "reporter": "Tenable", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_2e1298468fbb11d88b290020ed76ef5a.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(12583);\n script_version(\"$Revision: 1.12 $\");\n script_bugtraq_id(9976);\n script_cve_id(\"CVE-2004-0381\");\n\n script_name(english:\"FreeBSD : MySQL insecure temporary file creation (mysqlbug) (123)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: mysql-client');\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://awstats.sourceforge.net/awstats_security_news.php\nhttp://bugs.mysql.com/bug.php?id=3284\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-60.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-61.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-62.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-63.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-64.html\nhttp://www.samba.org/samba/whatsnew/samba-2.2.10.html\nhttp://www.samba.org/samba/whatsnew/samba-3.0.5.html\nhttps://bugs.kde.org/show_bug.cgi?id=103331');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/06\");\n script_cvs_date(\"$Date: 2011/10/03 00:48:25 $\");\n script_end_attributes();\n script_summary(english:\"Check for mysql-client\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #37467 (freebsd_pkg_2e1298468fbb11d88b290020ed76ef5a.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=2;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"mysql-client>=4.0<4.0.20\");\n\npkg_test(pkg:\"mysql-client>=4.1<4.1.1_2\");\n\npkg_test(pkg:\"mysql-client>=5.0<5.0.0_2\");\n"}
{"cve": [{"lastseen": "2020-10-03T11:33:38", "description": "mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.", "edition": 5, "cvss3": {}, "published": "2004-05-04T04:00:00", "title": "CVE-2004-0381", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0381"], "modified": "2019-12-17T17:11:00", "cpe": ["cpe:/a:oracle:mysql:3.23.47", "cpe:/a:oracle:mysql:4.0.5a", "cpe:/a:oracle:mysql:3.23.38", "cpe:/a:oracle:mysql:3.23.48", "cpe:/a:oracle:mysql:3.23.9", "cpe:/a:oracle:mysql:3.23.22", "cpe:/a:oracle:mysql:4.0.0", "cpe:/a:oracle:mysql:3.23.36", "cpe:/a:oracle:mysql:4.0.14", "cpe:/a:oracle:mysql:3.23.10", "cpe:/a:oracle:mysql:3.23.2", "cpe:/a:oracle:mysql:3.22.26", "cpe:/a:oracle:mysql:4.0.11", "cpe:/a:oracle:mysql:3.23.32", "cpe:/a:oracle:mysql:3.23.8", "cpe:/a:oracle:mysql:3.23.51", "cpe:/a:oracle:mysql:4.0.3", "cpe:/a:oracle:mysql:3.23.33", "cpe:/a:oracle:mysql:3.23.3", "cpe:/a:oracle:mysql:3.23.53a", "cpe:/a:oracle:mysql:4.0.8", "cpe:/a:oracle:mysql:4.0.12", "cpe:/a:oracle:mysql:3.23.25", "cpe:/a:oracle:mysql:3.23.42", "cpe:/a:oracle:mysql:3.23.29", "cpe:/a:oracle:mysql:3.23.53", "cpe:/a:oracle:mysql:3.23.55", "cpe:/a:oracle:mysql:3.22.27", "cpe:/a:oracle:mysql:4.0.18", "cpe:/a:oracle:mysql:3.23.56", "cpe:/a:oracle:mysql:3.23.27", "cpe:/a:oracle:mysql:4.0.6", "cpe:/a:oracle:mysql:4.0.2", "cpe:/a:oracle:mysql:4.0.1", "cpe:/a:oracle:mysql:3.23.43", "cpe:/a:oracle:mysql:3.23.28", "cpe:/a:oracle:mysql:3.22.29", "cpe:/a:oracle:mysql:3.20.32a", "cpe:/a:oracle:mysql:4.0.4", "cpe:/a:mysql:mysql:4.1.0", "cpe:/a:oracle:mysql:3.23.50", "cpe:/a:oracle:mysql:3.22.30", "cpe:/a:oracle:mysql:4.0.7", "cpe:/a:oracle:mysql:3.23.31", "cpe:/a:oracle:mysql:3.23.5", "cpe:/a:oracle:mysql:3.23.46", "cpe:/a:oracle:mysql:3.23.26", "cpe:/a:oracle:mysql:3.23.34", "cpe:/a:oracle:mysql:4.0.10", "cpe:/a:oracle:mysql:3.23.58", "cpe:/a:oracle:mysql:3.23.40", "cpe:/a:oracle:mysql:3.23.41", "cpe:/a:oracle:mysql:3.23.54a", "cpe:/a:oracle:mysql:4.1.0", "cpe:/a:oracle:mysql:3.22.32", "cpe:/a:oracle:mysql:3.23.39", "cpe:/a:oracle:mysql:3.23.54", "cpe:/a:oracle:mysql:4.0.5", "cpe:/a:oracle:mysql:3.22.28", "cpe:/a:oracle:mysql:3.23.23", "cpe:/a:oracle:mysql:3.23.52", "cpe:/a:oracle:mysql:3.23.30", "cpe:/a:oracle:mysql:4.0.13", "cpe:/a:oracle:mysql:3.23.44", "cpe:/a:oracle:mysql:3.23.49", "cpe:/a:oracle:mysql:3.23.24", "cpe:/a:oracle:mysql:4.0.15", "cpe:/a:oracle:mysql:4.0.9", "cpe:/a:oracle:mysql:3.23.37", "cpe:/a:oracle:mysql:3.23.45"], "id": "CVE-2004-0381", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0381", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.32:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.29:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.20.32a:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.58:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.27:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.30:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "cvelist": ["CVE-2004-0381"], "edition": 1, "description": "## Vulnerability Description\nMySQL contains a flaw that may allow a malicious user to arbitrary overwrite files. The problem is that the \"mysqlbug\" script creates files with insecure permissions. It is possible that the flaw may allow a malicious user to create a symlink to this file, which could allow arbitrary files to be overwriten on the system, resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 4.0.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMySQL contains a flaw that may allow a malicious user to arbitrary overwrite files. The problem is that the \"mysqlbug\" script creates files with insecure permissions. It is possible that the flaw may allow a malicious user to create a symlink to this file, which could allow arbitrary files to be overwriten on the system, resulting in a loss of integrity.\n## References:\nVendor URL: http://www.mysql.com/\nVendor Specific Solution URL: http://www.mysql.com/doc/en/Installing_source_tree.html\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-483)\n[Vendor Specific Advisory URL](http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:034)\n[Vendor Specific Advisory URL](http://bugs.mysql.com/bug.php?id=3284)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2004-597.html)\nSecurity Tracker: 1009554 \n[Secunia Advisory ID:11223](https://secuniaresearch.flexerasoftware.com/advisories/11223/)\n[Secunia Advisory ID:13407](https://secuniaresearch.flexerasoftware.com/advisories/13407/)\n[Related OSVDB ID: 6421](https://vulners.com/osvdb/OSVDB:6421)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200405-20.xml\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0245.html\nISS X-Force ID: 15617\n[CVE-2004-0381](https://vulners.com/cve/CVE-2004-0381)\nBugtraq ID: 9976\n", "modified": "2004-03-24T16:16:18", "published": "2004-03-24T16:16:18", "href": "https://vulners.com/osvdb/OSVDB:6420", "id": "OSVDB:6420", "type": "osvdb", "title": "MySQL mysqlbug Symlink Arbitrary File Overwrite", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52459", "href": "http://plugins.openvas.org/nasl.php?oid=52459", "type": "openvas", "title": "FreeBSD Ports: mysql-client", "sourceData": "#\n#VID 2e129846-8fbb-11d8-8b29-0020ed76ef5a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-client\n\nCVE-2004-0381\nmysqlbug in MySQL allows local users to overwrite arbitrary files via\na symlink attack on the failed-mysql-bugreport temporary file.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.mysql.com/bug.php?id=3284\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2\nhttp://www.vuxml.org/freebsd/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52459);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0381\");\n script_bugtraq_id(9976);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: mysql-client\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-client\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.0\")>=0 && revcomp(a:bver, b:\"4.0.20\")<0) {\n txt += 'Package mysql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"4.1\")>=0 && revcomp(a:bver, b:\"4.1.1_2\")<0) {\n txt += 'Package mysql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0\")>=0 && revcomp(a:bver, b:\"5.0.0_2\")<0) {\n txt += 'Package mysql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381", "CVE-2004-0388"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200405-20.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54580", "href": "http://plugins.openvas.org/nasl.php?oid=54580", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200405-20 (MySQL)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two MySQL utilities create temporary files with hardcoded paths, allowing\nan attacker to use a symlink to trick MySQL into overwriting important\ndata.\";\ntag_solution = \"All users should upgrade to the latest stable version of MySQL.\n\n # emerge sync\n\n # emerge -pv '>=dev-db/mysql-4.0.18-r2'\n # emerge '>=dev-db/mysql-4.0.18-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200405-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=46242\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200405-20.\";\n\n \n\nif(description)\n{\n script_id(54580);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-0381\", \"CVE-2004-0388\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200405-20 (MySQL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/mysql\", unaffected: make_list(\"ge 4.0.18-r2\"), vulnerable: make_list(\"lt 4.0.18-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381", "CVE-2004-0388"], "description": "The remote host is missing an update to mysql\nannounced via advisory DSA 483-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53755", "href": "http://plugins.openvas.org/nasl.php?oid=53755", "type": "openvas", "title": "Debian Security Advisory DSA 483-1 (mysql)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_483_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 483-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two vulnerabilities have been discovered in mysql, a common database\nsystem. Two scripts contained in the package don't create temporary\nfiles in a secure fashion. This could allow a local attacker to\noverwrite files with the privileges of the user invoking the MySQL\nserver, which is often the root user. The Common Vulnerabilities and\nExposures identifies the following problems:\n\nCVE-2004-0381\n\nThe script mysqlbug in MySQL allows local users to overwrite\narbitrary files via a symlink attack.\n\nCVE-2004-0388\n\nThe script mysqld_multi in MySQL allows local users to overwrite\narbitrary files via a symlink attack.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 3.23.49-8.6.\n\nFor the unstable distribution (sid) these problems will be fixed in\nversion 4.0.18-6 of mysql-dfsg.\n\nWe recommend that you upgrade your mysql, mysql-dfsg and related\";\ntag_summary = \"The remote host is missing an update to mysql\nannounced via advisory DSA 483-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20483-1\";\n\nif(description)\n{\n script_id(53755);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-0381\", \"CVE-2004-0388\");\n script_bugtraq_id(9976);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 483-1 (mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"3.23.49-8.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient10\", ver:\"3.23.49-8.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient10-dev\", ver:\"3.23.49-8.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"3.23.49-8.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"3.23.49-8.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0381"], "description": "\nShaun Colley reports that the script `mysqlbug' included\n\t with MySQL sometimes creates temporary files in an unsafe\n\t manner. As a result, an attacker may create a symlink in\n\t /tmp so that if another user invokes `mysqlbug' and quits\n\t without making any changes, an\n\t arbitrary file may be overwritten with the bug report\n\t template.\n", "edition": 4, "modified": "2004-05-21T00:00:00", "published": "2004-03-25T00:00:00", "id": "2E129846-8FBB-11D8-8B29-0020ED76EF5A", "href": "https://vuxml.freebsd.org/freebsd/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html", "title": "MySQL insecure temporary file creation (mysqlbug)", "type": "freebsd", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-01T03:53:44", "description": "The version of MySQL installed on the remote host is older than\n4.0.20. A local attacker could exploit a flaw in mysqlbug to overwite\narbitrary files via a symlink attack.", "edition": 25, "published": "2012-01-18T00:00:00", "title": "MySQL < 4.0.20 File Overwrite", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_4_0_20.NASL", "href": "https://www.tenable.com/plugins/nessus/17823", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17823);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2004-0381\");\n script_bugtraq_id(9976);\n\n script_name(english:\"MySQL < 4.0.20 File Overwrite\");\n script_summary(english:\"Checks version of MySQL server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary files could be overwritten on the remote server.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is older than\n4.0.20. A local attacker could exploit a flaw in mysqlbug to overwite\narbitrary files via a symlink attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://marc.info/?l=bugtraq&m=108206802810402&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=108023246916294&w=2\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL version 4.0.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'4.0.20', severity:SECURITY_NOTE);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:40:59", "description": "Shaun Colley reports that the script `mysqlbug' included with MySQL\nsometimes creates temporary files in an unsafe manner. As a result, an\nattacker may create a symlink in /tmp so that if another user invokes\n`mysqlbug' and quits without making any changes, an arbitrary file may\nbe overwritten with the bug report template.", "edition": 26, "published": "2009-04-23T00:00:00", "title": "FreeBSD : MySQL insecure temporary file creation (mysqlbug) (2e129846-8fbb-11d8-8b29-0020ed76ef5a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mysql-client"], "id": "FREEBSD_PKG_2E1298468FBB11D88B290020ED76EF5A.NASL", "href": "https://www.tenable.com/plugins/nessus/37467", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37467);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0381\");\n script_bugtraq_id(9976);\n\n script_name(english:\"FreeBSD : MySQL insecure temporary file creation (mysqlbug) (2e129846-8fbb-11d8-8b29-0020ed76ef5a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Shaun Colley reports that the script `mysqlbug' included with MySQL\nsometimes creates temporary files in an unsafe manner. As a result, an\nattacker may create a symlink in /tmp so that if another user invokes\n`mysqlbug' and quits without making any changes, an arbitrary file may\nbe overwritten with the bug report template.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=108023246916294&w=2\"\n );\n # http://bugs.mysql.com/bug.php?id=3284\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=3284\"\n );\n # https://vuxml.freebsd.org/freebsd/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?279ca7a7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mysql-client>=4.0<4.0.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-client>=4.1<4.1.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-client>=5.0<5.0.0_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T10:02:45", "description": "Two vulnerabilities have been discovered in mysql, a common database\nsystem. Two scripts contained in the package don't create temporary\nfiles in a secure fashion. This could allow a local attacker to\noverwrite files with the privileges of the user invoking the MySQL\nserver, which is often the root user. The Common Vulnerabilities and\nExposures identifies the following problems :\n\n - CAN-2004-0381\n The script mysqlbug in MySQL allows local users to\n overwrite arbitrary files via a symlink attack.\n\n - CAN-2004-0388\n\n The script mysqld_multi in MySQL allows local users to\n overwrite arbitrary files via a symlink attack.", "edition": 26, "published": "2004-09-29T00:00:00", "title": "Debian DSA-483-1 : mysql - insecure temporary file creation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381", "CVE-2004-0388"], "modified": "2004-09-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-483.NASL", "href": "https://www.tenable.com/plugins/nessus/15320", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-483. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15320);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-0381\", \"CVE-2004-0388\");\n script_bugtraq_id(9976, 10142);\n script_xref(name:\"DSA\", value:\"483\");\n\n script_name(english:\"Debian DSA-483-1 : mysql - insecure temporary file creation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities have been discovered in mysql, a common database\nsystem. Two scripts contained in the package don't create temporary\nfiles in a secure fashion. This could allow a local attacker to\noverwrite files with the privileges of the user invoking the MySQL\nserver, which is often the root user. The Common Vulnerabilities and\nExposures identifies the following problems :\n\n - CAN-2004-0381\n The script mysqlbug in MySQL allows local users to\n overwrite arbitrary files via a symlink attack.\n\n - CAN-2004-0388\n\n The script mysqld_multi in MySQL allows local users to\n overwrite arbitrary files via a symlink attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-483\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql, mysql-dfsg and related packages.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 3.23.49-8.6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libmysqlclient10\", reference:\"3.23.49-8.6\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libmysqlclient10-dev\", reference:\"3.23.49-8.6\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-client\", reference:\"3.23.49-8.6\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-common\", reference:\"3.23.49-8.6\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-server\", reference:\"3.23.49-8.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:51:49", "description": "The remote host is affected by the vulnerability described in GLSA-200405-20\n(Insecure Temporary File Creation In MySQL)\n\n The MySQL bug reporting utility (mysqlbug) creates a temporary file to log\n bug reports to. A malicious local user with write access to the /tmp\n directory could create a symbolic link of the name mysqlbug-N\n pointing to a protected file, such as /etc/passwd, such that when mysqlbug\n creates the Nth log file, it would end up overwriting the target\n file. A similar vulnerability exists with the mysql_multi utility, which\n creates a temporary file called mysql_multi.log.\n \nImpact :\n\n Since mysql_multi runs as root, a local attacker could use this to destroy\n any other users' data or corrupt and destroy system files.\n \nWorkaround :\n\n One could modify both scripts to log to a directory that users do not have\n write permission to, such as /var/log/mysql/.", "edition": 25, "published": "2004-08-30T00:00:00", "title": "GLSA-200405-20 : Insecure Temporary File Creation In MySQL", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381", "CVE-2004-0388"], "modified": "2004-08-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mysql"], "id": "GENTOO_GLSA-200405-20.NASL", "href": "https://www.tenable.com/plugins/nessus/14506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200405-20.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14506);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0381\", \"CVE-2004-0388\");\n script_xref(name:\"GLSA\", value:\"200405-20\");\n\n script_name(english:\"GLSA-200405-20 : Insecure Temporary File Creation In MySQL\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200405-20\n(Insecure Temporary File Creation In MySQL)\n\n The MySQL bug reporting utility (mysqlbug) creates a temporary file to log\n bug reports to. A malicious local user with write access to the /tmp\n directory could create a symbolic link of the name mysqlbug-N\n pointing to a protected file, such as /etc/passwd, such that when mysqlbug\n creates the Nth log file, it would end up overwriting the target\n file. A similar vulnerability exists with the mysql_multi utility, which\n creates a temporary file called mysql_multi.log.\n \nImpact :\n\n Since mysql_multi runs as root, a local attacker could use this to destroy\n any other users' data or corrupt and destroy system files.\n \nWorkaround :\n\n One could modify both scripts to log to a directory that users do not have\n write permission to, such as /var/log/mysql/.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200405-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users should upgrade to the latest stable version of MySQL.\n # emerge sync\n # emerge -pv '>=dev-db/mysql-4.0.18-r2'\n # emerge '>=dev-db/mysql-4.0.18-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 4.0.18-r2\"), vulnerable:make_list(\"lt 4.0.18-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dev-db/mysql\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T11:51:21", "description": "Shaun Colley discovered that two scripts distributed with MySQL, the\n'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files\nin a secure fashion. An attacker could create symbolic links in /tmp\nthat could allow for overwriting of files with the privileges of the\nuser running the scripts.\n\nThe scripts have been patched in the updated packages to prevent this\nbehaviour.", "edition": 25, "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : MySQL (MDKSA-2004:034)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381", "CVE-2004-0388"], "modified": "2004-07-31T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:MySQL-common", "p-cpe:/a:mandriva:linux:lib64mysql12-devel", "p-cpe:/a:mandriva:linux:MySQL-bench", "p-cpe:/a:mandriva:linux:libmysql12", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:MySQL-Max", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:MySQL-client", "p-cpe:/a:mandriva:linux:libmysql12-devel", "p-cpe:/a:mandriva:linux:lib64mysql12", "p-cpe:/a:mandriva:linux:MySQL"], "id": "MANDRAKE_MDKSA-2004-034.NASL", "href": "https://www.tenable.com/plugins/nessus/14133", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:034. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14133);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0381\", \"CVE-2004-0388\");\n script_xref(name:\"MDKSA\", value:\"2004:034\");\n\n script_name(english:\"Mandrake Linux Security Advisory : MySQL (MDKSA-2004:034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Shaun Colley discovered that two scripts distributed with MySQL, the\n'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files\nin a secure fashion. An attacker could create symbolic links in /tmp\nthat could allow for overwriting of files with the privileges of the\nuser running the scripts.\n\nThe scripts have been patched in the updated packages to prevent this\nbehaviour.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"MySQL-4.0.18-1.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"MySQL-Max-4.0.18-1.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"MySQL-bench-4.0.18-1.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"MySQL-client-4.0.18-1.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"MySQL-common-4.0.18-1.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libmysql12-4.0.18-1.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libmysql12-devel-4.0.18-1.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"MySQL-4.0.11a-5.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"MySQL-Max-4.0.11a-5.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"MySQL-bench-4.0.11a-5.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"MySQL-client-4.0.11a-5.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"MySQL-common-4.0.11a-5.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libmysql12-4.0.11a-5.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libmysql12-devel-4.0.11a-5.2.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"MySQL-4.0.15-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"MySQL-Max-4.0.15-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"MySQL-bench-4.0.15-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"MySQL-client-4.0.15-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"MySQL-common-4.0.15-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64mysql12-4.0.15-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64mysql12-devel-4.0.15-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libmysql12-4.0.15-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libmysql12-devel-4.0.15-1.1.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T04:55:33", "description": "Updated mysql packages that fix various temporary file security\nissues, as well as a number of bugs, are now available.\n\nMySQL is a multi-user, multi-threaded SQL database server.\n\nThis update fixes a number of small bugs, including some potential\nsecurity problems associated with careless handling of temporary\nfiles. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CVE-2004-0381, CVE-2004-0388,\nand CVE-2004-0457 to these issues.\n\nA number of additional security issues that affect mysql have been\ncorrected in the source package. These include CVE-2004-0835,\nCVE-2004-0836, CVE-2004-0837, and CVE-2004-0957. Red Hat Enterprise\nLinux 3 does not ship with the mysql-server package and is therefore\nnot affected by these issues.\n\nThis update also allows 32-bit and 64-bit libraries to be installed\nconcurrently on the same system.\n\nAll users of mysql should upgrade to these updated packages, which\nresolve these issues.", "edition": 25, "published": "2004-10-21T00:00:00", "title": "RHEL 3 : mysql (RHSA-2004:569)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381", "CVE-2004-0957", "CVE-2004-0457", "CVE-2004-0837", "CVE-2004-0388", "CVE-2004-0836", "CVE-2004-0835"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:mysql-bench", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "REDHAT-RHSA-2004-569.NASL", "href": "https://www.tenable.com/plugins/nessus/15534", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:569. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15534);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2019/10/25 13:36:10\");\n\n script_cve_id(\"CVE-2004-0381\", \"CVE-2004-0388\", \"CVE-2004-0457\");\n script_xref(name:\"RHSA\", value:\"2004:569\");\n\n script_name(english:\"RHEL 3 : mysql (RHSA-2004:569)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix various temporary file security\nissues, as well as a number of bugs, are now available.\n\nMySQL is a multi-user, multi-threaded SQL database server.\n\nThis update fixes a number of small bugs, including some potential\nsecurity problems associated with careless handling of temporary\nfiles. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CVE-2004-0381, CVE-2004-0388,\nand CVE-2004-0457 to these issues.\n\nA number of additional security issues that affect mysql have been\ncorrected in the source package. These include CVE-2004-0835,\nCVE-2004-0836, CVE-2004-0837, and CVE-2004-0957. Red Hat Enterprise\nLinux 3 does not ship with the mysql-server package and is therefore\nnot affected by these issues.\n\nThis update also allows 32-bit and 64-bit libraries to be installed\nconcurrently on the same system.\n\nAll users of mysql should upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:569\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql, mysql-bench and / or mysql-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:569\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"mysql-3.23.58-2.3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mysql-bench-3.23.58-2.3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mysql-devel-3.23.58-2.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:55:34", "description": "Updated mysql packages that fix various security issues, as well as a\nnumber of bugs, are now available for Red Hat Enterprise Linux 2.1.\n\nMySQL is a multi-user, multi-threaded SQL database server.\n\nA number security issues that affect the mysql server have been\nreported :\n\nOleksandr Byelkin discovered that 'ALTER TABLE ... RENAME' checked the\nCREATE/INSERT rights of the old table instead of the new one. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0835 to this issue.\n\nLukasz Wojtow discovered a buffer overrun in the mysql_real_connect\nfunction. In order to exploit this issue an attacker would need to\nforce the use of a malicious DNS server (CVE-2004-0836).\n\nDean Ellis discovered that multiple threads ALTERing the same (or\ndifferent) MERGE tables to change the UNION could cause the server to\ncrash or stall (CVE-2004-0837).\n\nSergei Golubchik discovered that if a user is granted privileges to a\ndatabase with a name containing an underscore ('_'), the user also\ngains the ability to grant privileges to other databases with similar\nnames (CVE-2004-0957).\n\nAdditionally, the following minor temporary file vulnerabilities were\ndiscovered :\n\n - Stan Bubroski and Shaun Colley found a temporary file\n vulnerability in the mysqlbug script (CVE-2004-0381). -\n A temporary file vulnerability was discovered in\n mysqld_multi (CVE-2004-0388). - Jeroen van Wolffelaar\n discovered an temporary file vulnerability in the\n mysqlhotcopy script when using the scp method\n (CVE-2004-0457).\n\nAll users of mysql should upgrade to these updated packages, which\nresolve these issues and also include fixes for a number of small\nbugs.", "edition": 27, "published": "2004-10-21T00:00:00", "title": "RHEL 2.1 : mysql (RHSA-2004:597)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381", "CVE-2004-0957", "CVE-2004-0457", "CVE-2004-0837", "CVE-2004-0388", "CVE-2004-0836", "CVE-2004-0835"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "REDHAT-RHSA-2004-597.NASL", "href": "https://www.tenable.com/plugins/nessus/15536", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:597. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15536);\n script_version (\"1.28\");\n script_cvs_date(\"Date: 2019/10/25 13:36:10\");\n\n script_cve_id(\"CVE-2004-0381\", \"CVE-2004-0388\", \"CVE-2004-0457\", \"CVE-2004-0835\", \"CVE-2004-0836\", \"CVE-2004-0837\", \"CVE-2004-0957\");\n script_xref(name:\"RHSA\", value:\"2004:597\");\n\n script_name(english:\"RHEL 2.1 : mysql (RHSA-2004:597)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix various security issues, as well as a\nnumber of bugs, are now available for Red Hat Enterprise Linux 2.1.\n\nMySQL is a multi-user, multi-threaded SQL database server.\n\nA number security issues that affect the mysql server have been\nreported :\n\nOleksandr Byelkin discovered that 'ALTER TABLE ... RENAME' checked the\nCREATE/INSERT rights of the old table instead of the new one. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0835 to this issue.\n\nLukasz Wojtow discovered a buffer overrun in the mysql_real_connect\nfunction. In order to exploit this issue an attacker would need to\nforce the use of a malicious DNS server (CVE-2004-0836).\n\nDean Ellis discovered that multiple threads ALTERing the same (or\ndifferent) MERGE tables to change the UNION could cause the server to\ncrash or stall (CVE-2004-0837).\n\nSergei Golubchik discovered that if a user is granted privileges to a\ndatabase with a name containing an underscore ('_'), the user also\ngains the ability to grant privileges to other databases with similar\nnames (CVE-2004-0957).\n\nAdditionally, the following minor temporary file vulnerabilities were\ndiscovered :\n\n - Stan Bubroski and Shaun Colley found a temporary file\n vulnerability in the mysqlbug script (CVE-2004-0381). -\n A temporary file vulnerability was discovered in\n mysqld_multi (CVE-2004-0388). - Jeroen van Wolffelaar\n discovered an temporary file vulnerability in the\n mysqlhotcopy script when using the scp method\n (CVE-2004-0457).\n\nAll users of mysql should upgrade to these updated packages, which\nresolve these issues and also include fixes for a number of small\nbugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:597\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql, mysql-devel and / or mysql-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:597\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mysql-3.23.58-1.72.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mysql-devel-3.23.58-1.72.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mysql-server-3.23.58-1.72.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-devel / mysql-server\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:05:44", "description": " - Tue Oct 12 2004 Tom Lane <tgl at redhat.com> 3.23.58-9.1\n\n - fix security issues CVE-2004-0835, CVE-2004-0836,\n CVE-2004-0837 (bugs #135372, 135375, 135387)\n\n - fix privilege escalation on GRANT ALL ON `Foo\\_Bar`\n (CVE-2004-0957)\n\n - fix multilib problem with mysqlbug and mysql_config\n\n - adjust chkconfig priority per bug #128852\n\n - remove bogus quoting per bug #129409 (MySQL 4.0 has\n done likewise)\n\n - add sleep to mysql.init restart(); may or may not fix\n bug #133993\n\n - fix low-priority security issues CVE-2004-0388,\n CVE-2004-0381, CVE-2004-0457 (bugs #119442, 125991,\n 130347, 130348)\n\n - fix bug with dropping databases under recent kernels\n (bug #124352)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2004-12-09T00:00:00", "title": "Fedora Core 2 : mysql-3.23.58-9.1 (2004-530)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0381", "CVE-2004-0957", "CVE-2004-0457", "CVE-2004-0837", "CVE-2004-0388", "CVE-2004-0836", "CVE-2004-0835"], "modified": "2004-12-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:mysql-devel", "p-cpe:/a:fedoraproject:fedora:mysql-debuginfo", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fedoraproject:fedora:mysql-server", "p-cpe:/a:fedoraproject:fedora:mysql-bench"], "id": "FEDORA_2004-530.NASL", "href": "https://www.tenable.com/plugins/nessus/15930", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-530.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15930);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2004-530\");\n\n script_name(english:\"Fedora Core 2 : mysql-3.23.58-9.1 (2004-530)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Oct 12 2004 Tom Lane <tgl at redhat.com> 3.23.58-9.1\n\n - fix security issues CVE-2004-0835, CVE-2004-0836,\n CVE-2004-0837 (bugs #135372, 135375, 135387)\n\n - fix privilege escalation on GRANT ALL ON `Foo\\_Bar`\n (CVE-2004-0957)\n\n - fix multilib problem with mysqlbug and mysql_config\n\n - adjust chkconfig priority per bug #128852\n\n - remove bogus quoting per bug #129409 (MySQL 4.0 has\n done likewise)\n\n - add sleep to mysql.init restart(); may or may not fix\n bug #133993\n\n - fix low-priority security issues CVE-2004-0388,\n CVE-2004-0381, CVE-2004-0457 (bugs #119442, 125991,\n 130347, 130348)\n\n - fix bug with dropping databases under recent kernels\n (bug #124352)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-December/000481.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ded8ed2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"mysql-3.23.58-9.1\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"mysql-bench-3.23.58-9.1\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"mysql-debuginfo-3.23.58-9.1\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"mysql-devel-3.23.58-9.1\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"mysql-server-3.23.58-9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-debuginfo / mysql-devel / mysql-server\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0381", "CVE-2004-0388"], "description": "### Background\n\nMySQL is a popular open-source multi-threaded, multi-user SQL database server. \n\n### Description\n\nThe MySQL bug reporting utility (mysqlbug) creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic link of the name mysqlbug-_N_ pointing to a protected file, such as /etc/passwd, such that when mysqlbug creates the _N_th log file, it would end up overwriting the target file. A similar vulnerability exists with the mysql_multi utility, which creates a temporary file called mysql_multi.log. \n\n### Impact\n\nSince mysql_multi runs as root, a local attacker could use this to destroy any other users' data or corrupt and destroy system files. \n\n### Workaround\n\nOne could modify both scripts to log to a directory that users do not have write permission to, such as /var/log/mysql/. \n\n### Resolution\n\nAll users should upgrade to the latest stable version of MySQL. \n \n \n # emerge sync\n \n # emerge -pv \">=dev-db/mysql-4.0.18-r2\"\n # emerge \">=dev-db/mysql-4.0.18-r2\"", "edition": 1, "modified": "2004-05-25T00:00:00", "published": "2004-05-25T00:00:00", "id": "GLSA-200405-20", "href": "https://security.gentoo.org/glsa/200405-20", "type": "gentoo", "title": "Insecure Temporary File Creation In MySQL", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2020-11-11T13:16:17", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0381", "CVE-2004-0388"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 483-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 14th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mysql\nVulnerability : insecure temporary file creation\nProblem-Type : local\nDebian-specific: no\nCVE IDs : CAN-2004-0381 CAN-2004-0388\nBugtraq ID : 9976\n\nTwo vulnerabilities have been discovered in mysql, a common database\nsystem. Two scripts contained in the package don't create temporary\nfiles in a secure fashion. This could allow a local attacker to\noverwrite files with the privileges of the user invoking the MySQL\nserver, which is often the root user. The Common Vulnerabilities and\nExposures identifies the following problems:\n\nCAN-2004-0381\n\n The script mysqlbug in MySQL allows local users to overwrite\n arbitrary files via a symlink attack.\n\nCAN-2004-0388\n\n The script mysqld_multi in MySQL allows local users to overwrite\n arbitrary files via a symlink attack.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 3.23.49-8.6.\n\nFor the unstable distribution (sid) these problems will be fixed in\nversion 4.0.18-6 of mysql-dfsg.\n\nWe recommend that you upgrade your mysql, mysql-dfsg and related\npackages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.6.dsc\n Size/MD5 checksum: 875 5ddb12f783b137adb3713eb833b2b62c\n http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.6.diff.gz\n Size/MD5 checksum: 61688 651060d3e96cee5f78fa3a7627cd89a7\n http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz\n Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.6_all.deb\n Size/MD5 checksum: 16860 a38766469024146e445bff07f93e4954\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_alpha.deb\n Size/MD5 checksum: 277662 54b823e4e25f4b8e260ac82539bdf84f\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_alpha.deb\n Size/MD5 checksum: 778718 e8d82f4d6e32a14e01e076314a094b03\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_alpha.deb\n Size/MD5 checksum: 163476 5bc948ab4f6ce862ebf9a64f2f7b6042\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_alpha.deb\n Size/MD5 checksum: 3634384 9d6e3871dfa018a87a516188e58dabfb\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_arm.deb\n Size/MD5 checksum: 238300 9caaa0c9a0d9909ef403f791c8ccf137\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_arm.deb\n Size/MD5 checksum: 634574 afc1a6cb70f1581a72b2f5904f8abf14\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_arm.deb\n Size/MD5 checksum: 123878 facc6f6326dc1080019fe54e7516c44a\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_arm.deb\n Size/MD5 checksum: 2805988 c38af448095a9358fe292f41c7f44fb1\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_i386.deb\n Size/MD5 checksum: 234634 5952137d0b86f6bfefd709ebfc0c624d\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_i386.deb\n Size/MD5 checksum: 576560 f8f9089209da42c1134f0157e62b4e49\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_i386.deb\n Size/MD5 checksum: 122462 148429934c68f10c291ae8ffe0a6db8c\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_i386.deb\n Size/MD5 checksum: 2800616 afd1dfcf5424f78ce7836c96b0dd92b1\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_ia64.deb\n Size/MD5 checksum: 315010 a8678f1aa73cb3a4fcbac4e479109311\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_ia64.deb\n Size/MD5 checksum: 848558 63f12a1295198c791956d3d9ba3e6364\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_ia64.deb\n Size/MD5 checksum: 173738 d83526ec16d5ba18b66bb4f0962c44f1\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_ia64.deb\n Size/MD5 checksum: 4000100 78c9cfd1bba1711338a557bd4737832f\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_hppa.deb\n Size/MD5 checksum: 280566 e11769ec989c98b9e857c30206246e95\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_hppa.deb\n Size/MD5 checksum: 743656 5fe1d40d737c3de61e7cf31183125526\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_hppa.deb\n Size/MD5 checksum: 140540 29f2b8d797afc05de720bbc4d4a517e9\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_hppa.deb\n Size/MD5 checksum: 3514794 42eaa54090fb0e6497cd1359f29e9304\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_m68k.deb\n Size/MD5 checksum: 227640 a7925061c360f47c83dcffd62b411358\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_m68k.deb\n Size/MD5 checksum: 557758 2545764c1f609dc28e4542e5f3d4b522\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_m68k.deb\n Size/MD5 checksum: 118356 47948f12e32fb25d7619c97b9f735486\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_m68k.deb\n Size/MD5 checksum: 2646508 9f49bf6d899ea6d768cfe51caa54c39c\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_mips.deb\n Size/MD5 checksum: 250892 4143d2fcad7a4b7f981fa666f6fdde65\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_mips.deb\n Size/MD5 checksum: 688998 e9da91c9477edd7b93ea71d96734ad4c\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_mips.deb\n Size/MD5 checksum: 133836 c2e14bd75e1a68dabfa6ef4d0002fb30\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_mips.deb\n Size/MD5 checksum: 2847932 696eac6a3c87c3ff747ed71d4ad03fe4\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_mipsel.deb\n Size/MD5 checksum: 250550 f9a25d5a5ec4225c95bb799afb8029c6\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_mipsel.deb\n Size/MD5 checksum: 688316 db428d75698cd72414b471d91615bd56\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_mipsel.deb\n Size/MD5 checksum: 134178 bf6e0a0eb74cc8d7c4afd19f4d05d635\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_mipsel.deb\n Size/MD5 checksum: 2839102 bff1d416c52801ef49af1ce4dcce8a17\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_powerpc.deb\n Size/MD5 checksum: 247660 4e4561d59aa84920423515c7f9177273\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_powerpc.deb\n Size/MD5 checksum: 652592 b9f51e0286c747fc58e2aeac9cf3c621\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_powerpc.deb\n Size/MD5 checksum: 129376 dc96676d319a7b0ee699b7f7f628e543\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_powerpc.deb\n Size/MD5 checksum: 2823002 71952fc874cc70aa45a29bd6eb54cb50\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_s390.deb\n Size/MD5 checksum: 249960 0770d4308c3d28208bfc95f4d3473ae8\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_s390.deb\n Size/MD5 checksum: 607056 b77cf4690bb666dccd2edacbb06c09e5\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_s390.deb\n Size/MD5 checksum: 126362 eb38bd8e3f363a37dfb54844702fc4fd\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_s390.deb\n Size/MD5 checksum: 2691074 2e56d9a296a5d87388f1660510c5f8b3\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_sparc.deb\n Size/MD5 checksum: 241178 5afe949aaacf4e7b66d292ab4efc90c0\n http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_sparc.deb\n Size/MD5 checksum: 615208 f117524a68678d8d3aac68260e6a24cd\n http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_sparc.deb\n Size/MD5 checksum: 130352 a3d97c6a8b9e3d460bb6cefab2f8d5fd\n http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_sparc.deb\n Size/MD5 checksum: 2939242 ef58492f8397d98a25277bccfdf96986\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2004-04-14T00:00:00", "published": "2004-04-14T00:00:00", "id": "DEBIAN:DSA-483-1:C59BC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00081.html", "title": "[SECURITY] [DSA 483-1] New mysql packages fix insecure temporary file creation", "type": "debian", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:58", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0381", "CVE-2004-0388", "CVE-2004-0457", "CVE-2004-0835", "CVE-2004-0836", "CVE-2004-0837", "CVE-2004-0957"], "description": "MySQL is a multi-user, multi-threaded SQL database server.\n\nA number security issues that affect the mysql server have been reported: \n\nOleksandr Byelkin discovered that \"ALTER TABLE ... RENAME\" checked\nthe CREATE/INSERT rights of the old table instead of the new one. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2004-0835 to this issue.\n\nLukasz Wojtow discovered a buffer overrun in the mysql_real_connect\nfunction. In order to exploit this issue an attacker would need to force\nthe use of a malicious DNS server (CAN-2004-0836).\n\nDean Ellis discovered that multiple threads ALTERing the same (or\ndifferent) MERGE tables to change the UNION could cause the server to crash\nor stall (CAN-2004-0837).\n\nSergei Golubchik discovered that if a user is granted privileges to a\ndatabase with a name containing an underscore (\"_\"), the user also gains\nthe ability to grant privileges to other databases with similar names\n(CAN-2004-0957).\n\nAdditionally, the following minor temporary file vulnerabilities were\ndiscovered:\n \n- Stan Bubroski and Shaun Colley found a temporary file vulnerability in \n the mysqlbug script (CAN-2004-0381).\n- A temporary file vulnerability was discovered in mysqld_multi \n (CAN-2004-0388).\n- Jeroen van Wolffelaar discovered an temporary file vulnerability in the \n mysqlhotcopy script when using the scp method (CAN-2004-0457).\n\nAll users of mysql should upgrade to these updated packages, which resolve\nthese issues and also include fixes for a number of small bugs.", "modified": "2018-03-14T19:26:59", "published": "2004-10-20T04:00:00", "id": "RHSA-2004:597", "href": "https://access.redhat.com/errata/RHSA-2004:597", "type": "redhat", "title": "(RHSA-2004:597) mysql security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:55", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0381", "CVE-2004-0388", "CVE-2004-0457", "CVE-2004-0835", "CVE-2004-0836", "CVE-2004-0837", "CVE-2004-0957"], "description": "MySQL is a multi-user, multi-threaded SQL database server.\n\nThis update fixes a number of small bugs, including some potential\nsecurity problems associated with careless handling of temporary files.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the names CAN-2004-0381, CAN-2004-0388, and CAN-2004-0457 to these\nissues.\n\nA number of additional security issues that affect mysql have been\ncorrected in the source package. These include CAN-2004-0835,\nCAN-2004-0836, CAN-2004-0837, and CAN-2004-0957. Red Hat Enterprise Linux\n3 does not ship with the mysql-server package and is therefore not affected\nby these issues.\n\nThis update also allows 32-bit and 64-bit libraries to be installed\nconcurrently on the same system.\n\nAll users of mysql should upgrade to these updated packages, which resolve\nthese issues.", "modified": "2017-07-29T20:30:01", "published": "2004-10-20T04:00:00", "id": "RHSA-2004:569", "href": "https://access.redhat.com/errata/RHSA-2004:569", "type": "redhat", "title": "(RHSA-2004:569) mysql security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
