{"id": "FREEBSD_PKG_388D9EE47F2211DDA66A0019666436C2.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : mysql -- MyISAM table privileges security bypass vulnerability (388d9ee4-7f22-11dd-a66a-0019666436c2)", "description": "SecurityFocus reports :\n\nMySQL is prone to a security-bypass vulnerability. An attacker can\nexploit this issue to overwrite existing table files in the MySQL data\ndirectory, bypassing certain security restrictions.", "published": "2008-09-10T00:00:00", "modified": "2008-09-10T00:00:00", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/34151", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?5979460b"], "cvelist": ["CVE-2008-2079"], "type": "nessus", "lastseen": "2021-01-07T10:41:24", "edition": 24, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2079"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310100156", "OPENVAS:830421", "OPENVAS:65341", "OPENVAS:136141256231065341", "OPENVAS:1361412562310830421", "OPENVAS:61283", "OPENVAS:61618", "OPENVAS:61599", "OPENVAS:136141256231065937", "OPENVAS:65937"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1608-1:D1E27"]}, {"type": "nessus", "idList": ["MYSQL_ES_5_0_70.NASL", "GENTOO_GLSA-200809-04.NASL", "SUSE_MYSQL-5338.NASL", "DEBIAN_DSA-1608.NASL", "SUSE9_12175.NASL", "MYSQL_6_0_14_PRIV_BYPASS.NASL", "MANDRIVA_MDVSA-2008-149.NASL", "SUSE_LIBMYSQLCLIENT-DEVEL-5341.NASL", "MYSQL_ES_5_0_60.NASL", "MYSQL_4_1_24.NASL"]}, {"type": "freebsd", "idList": ["388D9EE4-7F22-11DD-A66A-0019666436C2", "738F8F9E-D661-11DD-A765-0030843D3802"]}, {"type": "redhat", "idList": ["RHSA-2008:0768", "RHSA-2008:0510", "RHSA-2009:1289", "RHSA-2008:0505"]}, {"type": "seebug", "idList": ["SSV:3280"]}, {"type": "gentoo", "idList": ["GLSA-200809-04"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23063", "SECURITYVULNS:VULN:9164"]}, {"type": "ubuntu", "idList": ["USN-671-1"]}, {"type": "centos", "idList": ["CESA-2009:1289"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0768", "ELSA-2009-1289"]}, {"type": "suse", "idList": ["SUSE-SA:2008:041"]}], "modified": "2021-01-07T10:41:24", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-01-07T10:41:24", "rev": 2}, "vulnersScore": 6.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34151);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2079\");\n script_bugtraq_id(29106);\n\n script_name(english:\"FreeBSD : mysql -- MyISAM table privileges security bypass vulnerability (388d9ee4-7f22-11dd-a66a-0019666436c2)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SecurityFocus reports :\n\nMySQL is prone to a security-bypass vulnerability. An attacker can\nexploit this issue to overwrite existing table files in the MySQL data\ndirectory, bypassing certain security restrictions.\"\n );\n # https://vuxml.freebsd.org/freebsd/388d9ee4-7f22-11dd-a66a-0019666436c2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5979460b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=6.0<6.0.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=5.1<5.1.24\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=5.0<5.0.67\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=4.1<4.1.22_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "34151", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql-server", "cpe:/o:freebsd:freebsd"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T19:28:22", "description": "MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.\nPer http://www.securityfocus.com/bid/29106 and http://secunia.com/advisories/32222, this vulnerability is remotely exploitable.", "edition": 6, "cvss3": {}, "published": "2008-05-05T16:20:00", "title": "CVE-2008-2079", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2079"], "modified": "2019-12-17T15:25:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/o:canonical:ubuntu_linux:8.04"], "id": "CVE-2008-2079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2079", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:56:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "description": "Check for the Version of mysql", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830421", "href": "http://plugins.openvas.org/nasl.php?oid=830421", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2008:149 (mysql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mysql MDVSA-2008:149 (mysql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sergei Golubchik found that MySQL did not properly validate optional\n data or index directory paths given in a CREATE TABLE statement; as\n well it would not, under certain conditions, prevent two databases\n from using the same paths for data or index files. This could allow\n an authenticated user with appropriate privilege to create tables in\n one database to read and manipulate data in tables later created in\n other databases, regardless of GRANT privileges (CVE-2008-2079).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"mysql on Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00035.php\");\n script_id(830421);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:149\");\n script_cve_id(\"CVE-2008-2079\");\n script_name( \"Mandriva Update for mysql MDVSA-2008:149 (mysql)\");\n\n script_summary(\"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-17T00:00:00", "id": "OPENVAS:61618", "href": "http://plugins.openvas.org/nasl.php?oid=61618", "type": "openvas", "title": "FreeBSD Ports: mysql-server", "sourceData": "#\n#VID 388d9ee4-7f22-11dd-a66a-0019666436c2\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 388d9ee4-7f22-11dd-a66a-0019666436c2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-server\n\nCVE-2008-2079\nMySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24,\nand 6.0.x before 6.0.5 allows local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the\nMySQL home data directory, which can point to tables that are created\nin the future.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(61618);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-17 04:23:15 +0200 (Wed, 17 Sep 2008)\");\n script_cve_id(\"CVE-2008-2079\");\n script_bugtraq_id(29106);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: mysql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0\")>=0 && revcomp(a:bver, b:\"6.0.5\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.1\")>=0 && revcomp(a:bver, b:\"5.1.24\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0\")>=0 && revcomp(a:bver, b:\"5.0.67\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"4.1\")>=0 && revcomp(a:bver, b:\"5.0\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "description": "Check for the Version of mysql", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830421", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2008:149 (mysql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mysql MDVSA-2008:149 (mysql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sergei Golubchik found that MySQL did not properly validate optional\n data or index directory paths given in a CREATE TABLE statement; as\n well it would not, under certain conditions, prevent two databases\n from using the same paths for data or index files. This could allow\n an authenticated user with appropriate privilege to create tables in\n one database to read and manipulate data in tables later created in\n other databases, regardless of GRANT privileges (CVE-2008-2079).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"mysql on Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00035.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830421\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:149\");\n script_cve_id(\"CVE-2008-2079\");\n script_name( \"Mandriva Update for mysql MDVSA-2008:149 (mysql)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.51a~8.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "description": "The remote host is missing an update to mysql-dfsg-5.0\nannounced via advisory DSA 1608-1.", "modified": "2017-07-07T00:00:00", "published": "2008-07-15T00:00:00", "id": "OPENVAS:61283", "href": "http://plugins.openvas.org/nasl.php?oid=61283", "type": "openvas", "title": "Debian Security Advisory DSA 1608-1 (mysql-dfsg-5.0)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1608_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1608-1 (mysql-dfsg-5.0)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sergei Golubchik discovered that MySQL, a widely-deployed database\nserver, did not properly validate optional data or index directory\npaths given in a CREATE TABLE statement, nor would it (under proper\nconditions) prevent two databases from using the same paths for data\nor index files. This permits an authenticated user with authorization\nto create tables in one database to read, write or delete data from\ntables subsequently created in other databases, regardless of other\nGRANT authorizations. The Common Vulnerabilities and Exposures\nproject identifies this weakness as CVE-2008-2079.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch6. Note that the fix applied will have the\nconsequence of disallowing the selection of data or index paths\nunder the database root, which on a Debian system is /var/lib/mysql;\ndatabase administrators needing to control the placement of these\nfiles under that location must do so through other means.\n\nWe recommend that you upgrade your mysql-dfsg-5.0 packages.\";\ntag_summary = \"The remote host is missing an update to mysql-dfsg-5.0\nannounced via advisory DSA 1608-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201608-1\";\n\n\nif(description)\n{\n script_id(61283);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-07-15 02:29:31 +0200 (Tue, 15 Jul 2008)\");\n script_cve_id(\"CVE-2008-2079\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1608-1 (mysql-dfsg-5.0)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.0.32-7etch6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.0.32-7etch6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.0.32-7etch6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient15off\", ver:\"5.0.32-7etch6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient15-dev\", ver:\"5.0.32-7etch6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.0\", ver:\"5.0.32-7etch6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-4.1\", ver:\"5.0.32-7etch6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.0\", ver:\"5.0.32-7etch6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200809-04.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:61599", "href": "http://plugins.openvas.org/nasl.php?oid=61599", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200809-04 (mysql)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in MySQL might allow users to bypass privileges and gain\naccess to other databases.\";\ntag_solution = \"All MySQL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.0.60-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200809-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=220399\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200809-04.\";\n\n \n\nif(description)\n{\n script_id(61599);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-2079\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200809-04 (mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/mysql\", unaffected: make_list(\"ge 5.0.60-r1\"), vulnerable: make_list(\"lt 5.0.60-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7232", "CVE-2008-2079"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032620 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65341", "href": "http://plugins.openvas.org/nasl.php?oid=65341", "type": "openvas", "title": "SLES9: Security update for MySQL", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5032620.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for MySQL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032620 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65341);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2079\", \"CVE-2006-7232\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for MySQL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.0.18~32.35\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7232", "CVE-2008-2079"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065937", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065937", "type": "openvas", "title": "SLES10: Security update for MySQL", "sourceData": "#\n#VID slesp2-mysql-5338\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for MySQL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65937\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2079\", \"CVE-2006-7232\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for MySQL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-Max\", rpm:\"mysql-Max~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-shared\", rpm:\"mysql-shared~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7232", "CVE-2008-2079"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032620 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065341", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065341", "type": "openvas", "title": "SLES9: Security update for MySQL", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5032620.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for MySQL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032620 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65341\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2079\", \"CVE-2006-7232\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for MySQL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.0.18~32.35\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7232", "CVE-2008-2079"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65937", "href": "http://plugins.openvas.org/nasl.php?oid=65937", "type": "openvas", "title": "SLES10: Security update for MySQL", "sourceData": "#\n#VID slesp2-mysql-5338\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for MySQL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65937);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2079\", \"CVE-2006-7232\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for MySQL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-Max\", rpm:\"mysql-Max~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-shared\", rpm:\"mysql-shared~5.0.26~12.20\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0227", "CVE-2008-0226", "CVE-2008-2079"], "description": "Check for the Version of mysql", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830772", "href": "http://plugins.openvas.org/nasl.php?oid=830772", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2008:150 (mysql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mysql MDVSA-2008:150 (mysql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple buffer overflows in yaSSL, which is used in MySQL, allowed\n remote attackers to execute arbitrary code (CVE-2008-0226) or cause\n a denial of service via a special Hello packet (CVE-2008-0227).\n\n Sergei Golubchik found that MySQL did not properly validate optional\n data or index directory paths given in a CREATE TABLE statement; as\n well it would not, under certain conditions, prevent two databases\n from using the same paths for data or index files. This could allow\n an authenticated user with appropriate privilege to create tables in\n one database to read and manipulate data in tables later created in\n other databases, regardless of GRANT privileges (CVE-2008-2079).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"mysql on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00036.php\");\n script_id(830772);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:150\");\n script_cve_id(\"CVE-2008-0226\", \"CVE-2008-0227\", \"CVE-2008-2079\");\n script_name( \"Mandriva Update for mysql MDVSA-2008:150 (mysql)\");\n\n script_summary(\"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.45~8.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.45~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:29:44", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2079"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1608-1 security@debian.org\nhttp://www.debian.org/security/ Devin Carraway\nJuly 13, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : mysql-dfsg-5.0\nVulnerability : authorization bypass\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-2079\nDebian Bug : 480292\n\nSergei Golubchik discovered that MySQL, a widely-deployed database\nserver, did not properly validate optional data or index directory\npaths given in a CREATE TABLE statement, nor would it (under proper\nconditions) prevent two databases from using the same paths for data\nor index files. This permits an authenticated user with authorization\nto create tables in one database to read, write or delete data from\ntables subsequently created in other databases, regardless of other\nGRANT authorizations. The Common Vulnerabilities and Exposures\nproject identifies this weakness as CVE-2008-2079.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch6. Note that the fix applied will have the\nconsequence of disallowing the selection of data or index paths\nunder the database root, which on a Debian system is /var/lib/mysql;\ndatabase administrators needing to control the placement of these\nfiles under that location must do so through other means.\n\nWe recommend that you upgrade your mysql-dfsg-5.0 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch6.diff.gz\n Size/MD5 checksum: 266482 42faf9d31d5bf1674d5b241ff49341cf\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz\n Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch6.dsc\n Size/MD5 checksum: 1117 367176f5e877cf3c46c662b87275f901\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch6_all.deb\n Size/MD5 checksum: 45888 48a61918f72d865970ef48bc4eeb3466\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch6_all.deb\n Size/MD5 checksum: 54220 72f5ee84fa60b0871600fbe5fd4f5a74\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch6_all.deb\n Size/MD5 checksum: 47968 e8a2d9a5f13043c67a3d9ba4caa57a3c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 1947356 1cd753a88978d41452bffc772323eb83\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 8909108 61b392dc0be2b82c3e6a5657ad06fca8\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 27381852 9e9fc87afceae3cb7c157369843a30ad\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 47992 8798c205394f39c843df143db2ba37af\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 8405314 f52f8049cb3080bca02eeba5c2e14a1d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 47990 3662d9f51257c5fc57e7a20b90a6f33d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 7371044 0fd9eb3504a9958b1f709a48649b41c0\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 25815708 3fd278cba985110a578fc8d5bc76f8e9\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 1830958 6cc454236571032d4c723a4084cae535\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 7548576 ce08e3855077d14ddf73d70362faaaf1\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 1748158 271c0b333e4404ac1a3230e13e182c70\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 6930330 70477965987251fa25ace71df5c200f7\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 25345976 f7908a64856451893285ebaebb4f6125\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 48034 90284b682bc77e4401c216f3f49d8995\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 7205572 7ebe1cb99dbb00a4db7ee387c2533a44\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 8054566 6ed6093c2dae6999126eacf5309e4474\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 47990 688427cc2115f9260546013364aca60b\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 1922788 5645332118ae75b274e760c448150f1b\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 27172760 bc2bfe60a4ff106fade4da459e07a5eb\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 8004968 53ba9f2f9c169765ad97900efb5f9c1a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 1792338 2bfed729400306f35a68d210af5a6666\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 7198430 0c542cde542474c58468b52f97890ec2\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 6959158 2c879cabd32fec019ebbf110b43c9e62\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 47990 ba04b03ff5cfb960c9a7b461fe879928\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 25225784 2382d6a8f5e57dc84060b51116b03833\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 2115542 0bb8b1f251231f14bfa27f0138f01a5d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 9737938 41806cfb4504905e6be20f3047aefdf0\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 30409676 b6f620c479e5d2a1aa9f9e20e5382849\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 47992 a6d309557d081dc76b60c359977cf805\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 10342514 25e2a3dbf910557ed1899ef1dce83cd8\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 48020 7192dc50d43ca3d5710bfe2501fd0ee1\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 26471616 c8f937742bb947ed1994ee4bfb59f4ea\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 1835022 b6d0c5c0eb384329ec2678b43380d8fb\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 7759368 7121a9cfcdbf26a89fc95e00113a20fb\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 7672846 5fbe3662bc253bda3ccf62c8c78d7cf4\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 7641076 937625ccc622b46c4c6a5cffeda033ec\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 1789730 90d351c1551367cc5e77d008236402cd\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 25845336 ed42a4ccbb7057dc660197fee3566682\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 47992 1c0eb8257b01d13b4bf0f70d97612e67\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 7561054 d5fbe5e214b39736f6eb13c2633fd102\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 7573142 49364df9e5cd4842fd9f72a40589d18c\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 47990 1eceb3165524be6ce46a6a1cab526a24\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 7512578 e78ebeed9529c4bddd4976a1181d86e6\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 26165058 0c20e4fb11a5b89b572d177b86cde355\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 1832632 7e633b4febc3d0bfcb6c993cf85574c0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 7414202 4ff1d98b4b41543fdb24fc3be75b2835\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 47988 8734d7200d69ed73cda3c80ec9115247\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 7507338 921ca2feff00e5d2c0a36e34403538f0\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 1952002 ca93cf34f53f7d2c3094157142df632f\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 26764624 d785bab765139dcb98872a2b96b85909\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 1797778 6df91c9bce65192cdb3063c3111e941d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 47992 b7d1d6f2ff76ef9bcf126d2dd773bb72\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 7014210 f23cf47cc8b16e28f22c1a13b4a6936c\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 25426696 16bfb42f9a4dab6146df47568da158df\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 7153268 811916b6dec1eeae2ddb9822dacea994\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "edition": 3, "modified": "2008-07-13T04:55:27", "published": "2008-07-13T04:55:27", "id": "DEBIAN:DSA-1608-1:D1E27", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00189.html", "title": "[SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2079"], "description": "The Red Hat Application Stack is an integrated open source application\nstack, and includes JBoss Enterprise Application Platform (EAP).\n\nStarting with this update, JBoss EAP is no longer provided via the\nApplication Stack channels. Instead, all Application Stack customers are\nautomatically entitled to the JBoss EAP channels. This ensures all users\nhave immediate access to JBoss EAP packages when they are released,\nensuring lesser wait for security and critical patches.\n\nAs a result, you must MANUALLY subscribe to the appropriate JBoss EAP\nchannel, as all further JBoss EAP updates will only go to that channel.\n\nThis update also entitles all customers to the JBoss EAP 4.3.0 channels.\nUsers receive support for JBoss EAP 4.3.0 if they choose to install it.\nImportant: downgrading from JBoss EAP 4.3.0 to 4.2.0 is unsupported.\n\nMySQL was updated to version 5.0.50sp1a, fixing the following security\nissue:\n\nMySQL did not correctly check directories used as arguments for the DATA\nDIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\nattacker could elevate their access privileges to tables created by other\ndatabase users. Note: this attack does not work on existing tables. An\nattacker can only elevate their access to another user's tables as the\ntables are created. As well, the names of these created tables need to be\npredicted correctly for this attack to succeed. (CVE-2008-2079)\n\nThe following packages are updated:\n\n* httpd to 2.0.63\n* mod_jk to 1.2.26\n* the MySQL Connector/ODBC to 3.51.24r1071\n* perl-DBD-MySQL to 4.006\n* perl-DBI to 1.604\n* postgresqlclient7 to 7.4.19\n* postgresql-jdbc to 8.1.412\n* unixODBC to 2.2.12", "modified": "2019-03-22T23:44:39", "published": "2008-07-02T04:00:00", "id": "RHSA-2008:0510", "href": "https://access.redhat.com/errata/RHSA-2008:0510", "type": "redhat", "title": "(RHSA-2008:0510) Moderate: Red Hat Application Stack v1.3 security and enhancement update", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:34", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3469", "CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\r\nclient/server implementation consisting of a server daemon (mysqld), and\r\nmany different client programs and libraries.\r\n\r\nMySQL did not correctly check directories used as arguments for the DATA\r\nDIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\r\nattacker could elevate their access privileges to tables created by other\r\ndatabase users. Note: this attack does not work on existing tables. An\r\nattacker can only elevate their access to another user's tables as the\r\ntables are created. As well, the names of these created tables need to be\r\npredicted correctly for this attack to succeed. (CVE-2008-2079)\r\n\r\nMySQL did not require the \"DROP\" privilege for \"RENAME TABLE\" statements.\r\nAn authenticated user could use this flaw to rename arbitrary tables.\r\n(CVE-2007-2691)\r\n\r\nMySQL allowed an authenticated user to access a table through a previously\r\ncreated MERGE table, even after the user's privileges were revoked from the\r\noriginal table, which might violate intended security policy. This is\r\naddressed by allowing the MERGE storage engine to be disabled, which can be\r\ndone by running mysqld with the \"--skip-merge\" option. (CVE-2006-4031)\r\n\r\nA flaw in MySQL allowed an authenticated user to cause the MySQL daemon to\r\ncrash via crafted SQL queries. This only caused a temporary denial of\r\nservice, as the MySQL daemon is automatically restarted after the crash.\r\n(CVE-2006-3469)\r\n\r\nAs well, these updated packages fix the following bugs:\r\n\r\n* in the previous mysql packages, if a column name was referenced more\r\nthan once in an \"ORDER BY\" section of a query, a segmentation fault\r\noccurred.\r\n\r\n* when MySQL failed to start, the init script returned a successful (0)\r\nexit code. When using the Red Hat Cluster Suite, this may have caused\r\ncluster services to report a successful start, even when MySQL failed to\r\nstart. In these updated packages, the init script returns the correct exit\r\ncodes, which resolves this issue.\r\n\r\n* it was possible to use the mysqld_safe command to specify invalid port\r\nnumbers (higher than 65536), causing invalid ports to be created, and, in\r\nsome cases, a \"port number definition: unsigned short\" error. In these\r\nupdated packages, when an invalid port number is specified, the default\r\nport number is used.\r\n\r\n* when setting \"myisam_repair_threads > 1\", any repair set the index\r\ncardinality to \"1\", regardless of the table size.\r\n\r\n* the MySQL init script no longer runs \"chmod -R\" on the entire database\r\ndirectory tree during every startup.\r\n\r\n* when running \"mysqldump\" with the MySQL 4.0 compatibility mode option,\r\n\"--compatible=mysql40\", mysqldump created dumps that omitted the\r\n\"auto_increment\" field.\r\n\r\nAs well, the MySQL init script now uses more reliable methods for\r\ndetermining parameters, such as the data directory location.\r\n\r\nNote: these updated packages upgrade MySQL to version 4.1.22. For a full\r\nlist of bug fixes and enhancements, refer to the MySQL release notes:\r\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\r\n\r\nAll mysql users are advised to upgrade to these updated packages, which\r\nresolve these issues and add this enhancement.", "modified": "2017-09-08T11:50:19", "published": "2008-07-24T04:00:00", "id": "RHSA-2008:0768", "href": "https://access.redhat.com/errata/RHSA-2008:0768", "type": "redhat", "title": "(RHSA-2008:0768) Moderate: mysql security, bug fix, and enhancement update", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:11", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2079", "CVE-2008-3963", "CVE-2008-4456", "CVE-2009-2446"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nMySQL did not correctly check directories used as arguments for the DATA\nDIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\nattacker could elevate their access privileges to tables created by other\ndatabase users. Note: This attack does not work on existing tables. An\nattacker can only elevate their access to another user's tables as the\ntables are created. As well, the names of these created tables need to be\npredicted correctly for this attack to succeed. (CVE-2008-2079)\n\nA flaw was found in the way MySQL handles an empty bit-string literal. A\nremote, authenticated attacker could crash the MySQL server daemon (mysqld)\nif they used an empty bit-string literal in an SQL statement. This issue\nonly caused a temporary denial of service, as the MySQL daemon was\nautomatically restarted after the crash. (CVE-2008-3963)\n\nAn insufficient HTML entities quoting flaw was found in the mysql command\nline client's HTML output mode. If an attacker was able to inject arbitrary\nHTML tags into data stored in a MySQL database, which was later retrieved\nusing the mysql command line client and its HTML output mode, they could\nperform a cross-site scripting (XSS) attack against victims viewing the\nHTML output in a web browser. (CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server logs\nuser commands when creating and deleting databases. A remote, authenticated\nattacker with permissions to CREATE and DROP databases could use these\nflaws to formulate a specifically-crafted SQL command that would cause a\ntemporary denial of service (open connections to mysqld are terminated).\n(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld\n\"--log\" command line option or the \"log\" option in \"/etc/my.cnf\") must be\nenabled. This logging is not enabled by default.\n\nThis update also fixes multiple bugs. Details regarding these bugs can be\nfound in the Red Hat Enterprise Linux 5.4 Technical Notes. You can find a\nlink to the Technical Notes in the References section of this errata.\n\nNote: These updated packages upgrade MySQL to version 5.0.77 to incorporate\nnumerous upstream bug fixes. Details of these changes are found in the\nfollowing MySQL Release Notes:\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html\n\nAll MySQL users are advised to upgrade to these updated packages, which\nresolve these issues. After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.", "modified": "2017-09-08T11:57:00", "published": "2009-09-02T13:47:12", "id": "RHSA-2009:1289", "href": "https://access.redhat.com/errata/RHSA-2009:1289", "type": "redhat", "title": "(RHSA-2009:1289) Moderate: mysql security and bug fix update", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:47", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4782", "CVE-2007-5898", "CVE-2007-5899", "CVE-2008-0599", "CVE-2008-2051", "CVE-2008-2079", "CVE-2008-2107", "CVE-2008-2108"], "description": "The Red Hat Application Stack is an integrated open source application\r\nstack, and includes JBoss Enterprise Application Platform (EAP).\r\n\r\nStarting with this update, JBoss EAP is no longer provided via the\r\nApplication Stack channels. Instead, all Application Stack customers are\r\nautomatically entitled to the JBoss EAP channels. This ensures all users\r\nhave immediate access to JBoss EAP packages when they are released,\r\nensuring lesser wait for security and critical patches.\r\n\r\nAs a result, you must MANUALLY subscribe to the appropriate JBoss EAP\r\nchannel, as all further JBoss EAP updates will only go to that channel.\r\n\r\nThis update also entitles all customers to the JBoss EAP 4.3.0 channels.\r\nUsers receive support for JBoss EAP 4.3.0 if they choose to install it.\r\nImportant: downgrading from JBoss EAP 4.3.0 to 4.2.0 is unsupported.\r\n\r\nPHP was updated to version 5.2.6, fixing the following security issues:\r\n\r\nIt was discovered that the PHP escapeshellcmd() function did not properly\r\nescape multi-byte characters which are not valid in the locale used by the\r\nscript. This could allow an attacker to bypass quoting restrictions imposed\r\nby escapeshellcmd() and execute arbitrary commands if the PHP script was\r\nusing certain locales. Scripts using the default UTF-8 locale are not\r\naffected by this issue. (CVE-2008-2051)\r\n\r\nThe PHP functions htmlentities() and htmlspecialchars() did not properly\r\nrecognize partial multi-byte sequences. Certain sequences of bytes could be\r\npassed through these functions without being correctly HTML-escaped.\r\nDepending on the browser being used, an attacker could use this flaw to\r\nconduct cross-site scripting attacks. (CVE-2007-5898)\r\n\r\nA PHP script which used the transparent session ID configuration option, or\r\nwhich used the output_add_rewrite_var() function, could leak session\r\nidentifiers to external web sites. If a page included an HTML form with an\r\nACTION attribute referencing a non-local URL, the user's session ID would\r\nbe included in the form data passed to that URL. (CVE-2007-5899)\r\n\r\nIt was discovered that the PHP fnmatch() function did not restrict the\r\nlength of the string argument. An attacker could use this flaw to crash the\r\nPHP interpreter where a script used fnmatch() on untrusted input data.\r\n(CVE-2007-4782)\r\n\r\nIt was discovered that PHP did not properly seed its pseudo-random number\r\ngenerator used by functions such as rand() and mt_rand(), possibly allowing\r\nan attacker to easily predict the generated pseudo-random values.\r\n(CVE-2008-2107, CVE-2008-2108)\r\n\r\nA flaw was found in PHP's CGI server API. If the web server did not set\r\nDOCUMENT_ROOT environment variable for PHP (e.g. when running PHP in the\r\nFastCGI server mode), an attacker could cause a crash of the PHP child\r\nprocess, causing a temporary denial of service. (CVE-2008-0599)\r\n\r\nMySQL was updated to version 5.0.50sp1a, fixing the following security\r\nissue:\r\n\r\nMySQL did not correctly check directories used as arguments for the DATA\r\nDIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\r\nattacker could elevate their access privileges to tables created by other\r\ndatabase users. Note: this attack does not work on existing tables. An\r\nattacker can only elevate their access to another user's tables as the\r\ntables are created. As well, the names of these created tables need to be\r\npredicted correctly for this attack to succeed. (CVE-2008-2079)\r\n\r\nThe following packages are updated:\r\n\r\n* httpd to 2.2.8\r\n* mod_jk to 1.2.26\r\n* mod_perl to 2.0.4\r\n* the MySQL Connector/ODBC to 3.51.24r1071\r\n* the MySQL Connector/J (JDBC driver) to 5.0.8\r\n* perl-DBD-MySQL to 4.006\r\n* perl-DBI to 1.604\r\n* postgresql to 8.2.7\r\n* postgresql-jdbc to 8.2.508\r\n* postgresqlclient81 to 8.1.11\r\n* postgresql-odbc to 8.02.0500", "modified": "2019-03-22T23:44:21", "published": "2008-07-02T04:00:00", "id": "RHSA-2008:0505", "href": "https://access.redhat.com/errata/RHSA-2008:0505", "type": "redhat", "title": "(RHSA-2008:0505) Moderate: Red Hat Application Stack v2.1 security and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:42:20", "description": "BUGTRAQ ID: 29106&lt;br /&gt;\r\nCVE(CAN) ID: CVE-2008-2079&lt;br /&gt;\r\n&lt;br /&gt;\r\nMySQL\u662f\u4e00\u6b3e\u4f7f\u7528\u975e\u5e38\u5e7f\u6cdb\u7684\u5f00\u653e\u6e90\u4ee3\u7801\u5173\u7cfb\u6570\u636e\u5e93\u7cfb\u7edf\uff0c\u62e5\u6709\u5404\u79cd\u5e73\u53f0\u7684\u8fd0\u884c\u7248\u672c\u3002&lt;br /&gt;\r\n&lt;br /&gt;\r\n\u5f53\u7528\u6237\u5728MySQL\u6570\u636e\u5e93\u4e2d\u4ee5\u4ee5\u4e0b\u9009\u9879\u521b\u5efaMyISAM\u8868\u65f6\uff1a&lt;br /&gt;\r\n&lt;br /&gt;\r\n CREATE TABLE ( ) DATA DIRECTORY ... INDEX DIRECTORY ...&lt;br /&gt;\r\n&lt;br /&gt;\r\n\u5c31\u53ef\u80fd\u8986\u76d6MySQL\u6570\u636e\u76ee\u5f55\u4e2d\u7684\u5df2\u6709\u8868\u683c\u6587\u4ef6\uff0c\u7ed5\u8fc7\u6743\u9650\u68c0\u67e5\u5728\u5176\u4ed6\u6570\u636e\u5e93\u4e2d\u521b\u5efa\u8868\u683c\u3002&lt;br /&gt;\r\n&lt;br /&gt;\r\n\n\nMySQL AB MySQL 5.0\r\nMySQL AB MySQL 4.x\n MySQL AB\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.mysql.com/ target=_blank>http://www.mysql.com/</a>", "published": "2008-05-12T00:00:00", "type": "seebug", "title": "MySQL MyISAM\u8868\u7ed5\u8fc7\u6743\u9650\u68c0\u67e5\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2079"], "modified": "2008-05-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3280", "id": "SSV:3280", "sourceData": "\n root&gt;\u00a0grant\u00a0all\u00a0privileges\u00a0on\u00a0test.*\u00a0to\u00a0test@localhost;&lt;br /&gt;\r\n&lt;br /&gt;\r\ntest&gt;\u00a0create\u00a0table\u00a0t1\u00a0(a\u00a0int)\u00a0data\u00a0directory\u00a0'/MySQL/var/mysql',\u00a0index\u00a0directory&lt;br /&gt;\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-3280", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2079"], "description": "\nSecurityFocus reports:\n\nMySQL is prone to a security-bypass vulnerability.\n\t An attacker can exploit this issue to overwrite existing\n\t table files in the MySQL data directory, bypassing certain\n\t security restrictions.\n\n", "edition": 4, "modified": "2008-10-10T00:00:00", "published": "2008-05-05T00:00:00", "id": "388D9EE4-7F22-11DD-A66A-0019666436C2", "href": "https://vuxml.freebsd.org/freebsd/388d9ee4-7f22-11dd-a66a-0019666436c2.html", "title": "mysql -- MyISAM table privileges security bypass vulnerability", "type": "freebsd", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:19", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], "description": "\nMySQL Team reports:\n\nAdditional corrections were made for the symlink-related privilege\n\t problem originally addressed. The original fix did not correctly\n\t handle the data directory pathname if it contained symlinked\n\t directories in its path, and the check was made only at\n\t table-creation time, not at table-opening time later.\n\n", "edition": 4, "modified": "2008-07-03T00:00:00", "published": "2008-07-03T00:00:00", "id": "738F8F9E-D661-11DD-A765-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/738f8f9e-d661-11dd-a765-0030843d3802.html", "title": "mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths", "type": "freebsd", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2079"], "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server. \n\n### Description\n\nSergei Golubchik reported that MySQL imposes no restrictions on the specification of \"DATA DIRECTORY\" or \"INDEX DIRECTORY\" in SQL \"CREATE TABLE\" statements. \n\n### Impact\n\nAn authenticated remote attacker could create MyISAM tables, specifying DATA or INDEX directories that contain future table files by other database users, or existing table files in the MySQL data directory, gaining access to those tables. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll MySQL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.0.60-r1\"", "edition": 1, "modified": "2008-09-04T00:00:00", "published": "2008-09-04T00:00:00", "id": "GLSA-200809-04", "href": "https://security.gentoo.org/glsa/200809-04", "type": "gentoo", "title": "MySQL: Privilege bypass", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T03:54:48", "description": "The version of MySQL Enterprise Server 5.0 installed on the remote\nhost is earlier than 5.0.60. Such versions reportedly allow a local\nuser to circumvent privileges through creation of MyISAM tables using\nthe 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite\nexisting table files in the application's data directory.", "edition": 25, "published": "2008-05-09T00:00:00", "title": "MySQL Enterprise Server 5.0 < 5.0.60 MyISAM CREATE TABLE Privilege Check Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_ES_5_0_60.NASL", "href": "https://www.tenable.com/plugins/nessus/32138", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32138);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n\n script_cve_id(\"CVE-2008-2079\");\n script_bugtraq_id(29106);\n script_xref(name:\"Secunia\", value:\"30134\");\n\n script_name(english:\"MySQL Enterprise Server 5.0 < 5.0.60 MyISAM CREATE TABLE Privilege Check Bypass\");\n script_summary(english:\"Checks version of MySQL Enterprise Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server allows a local user to circumvent\nprivileges.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL Enterprise Server 5.0 installed on the remote\nhost is earlier than 5.0.60. Such versions reportedly allow a local\nuser to circumvent privileges through creation of MyISAM tables using\nthe 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite\nexisting table files in the application's data directory.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.mysql.com/bug.php?id=32167\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-60.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Server version 5.0.60 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"mysql_func.inc\");\n\n\nport = get_service(svc:\"mysql\", default:3306, exit_on_fail:TRUE);\n\nif (mysql_init(port:port, exit_on_fail:TRUE) == 1)\n{\n variant = mysql_get_variant();\n ver = mysql_get_version();\n\n if (\n \"Enterprise \" >< variant && \n strlen(ver) && ver =~ \"^5\\.0\\.([0-9]|[1-5][0-9])($|[^0-9])\"\n )\n {\n if (report_verbosity > 0)\n {\n report =\n '\\nThe remote MySQL '+variant+'\\'s version is :\\n'+\n '\\n '+ver+'\\n';\n datadir = get_kb_item('mysql/' + port + '/datadir');\n if (!empty_or_null(datadir))\n {\n report += ' Data Dir : ' + datadir + '\\n';\n }\n databases = get_kb_item('mysql/' + port + '/databases');\n if (!empty_or_null(databases))\n { \n report += ' Databases :\\n' + databases;\n }\n security_note(port:port, extra:report);\n }\n else security_note(port);\n }\n}\nmysql_close();\n", "cvss": {"score": 3.5, "vector": "AV:L/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:03", "description": "Sergei Golubchik discovered that MySQL, a widely-deployed database\nserver, did not properly validate optional data or index directory\npaths given in a CREATE TABLE statement, nor would it (under proper\nconditions) prevent two databases from using the same paths for data\nor index files. This permits an authenticated user with authorization\nto create tables in one database to read, write or delete data from\ntables subsequently created in other databases, regardless of other\nGRANT authorizations. The Common Vulnerabilities and Exposures project\nidentifies this weakness as CVE-2008-2079.", "edition": 25, "published": "2008-07-15T00:00:00", "title": "Debian DSA-1608-1 : mysql-dfsg-5.0 - authorization bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "modified": "2008-07-15T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0"], "id": "DEBIAN_DSA-1608.NASL", "href": "https://www.tenable.com/plugins/nessus/33492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1608. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33492);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2079\");\n script_bugtraq_id(29106);\n script_xref(name:\"DSA\", value:\"1608\");\n\n script_name(english:\"Debian DSA-1608-1 : mysql-dfsg-5.0 - authorization bypass\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sergei Golubchik discovered that MySQL, a widely-deployed database\nserver, did not properly validate optional data or index directory\npaths given in a CREATE TABLE statement, nor would it (under proper\nconditions) prevent two databases from using the same paths for data\nor index files. This permits an authenticated user with authorization\nto create tables in one database to read, write or delete data from\ntables subsequently created in other databases, regardless of other\nGRANT authorizations. The Common Vulnerabilities and Exposures project\nidentifies this weakness as CVE-2008-2079.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1608\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-dfsg-5.0 packages.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch6. Note that the fix applied will have the\nconsequence of disallowing the selection of data or index paths under\nthe database root, which on a Debian system is /var/lib/mysql;\ndatabase administrators needing to control the placement of these\nfiles under that location must do so through other means.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libmysqlclient15-dev\", reference:\"5.0.32-7etch6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmysqlclient15off\", reference:\"5.0.32-7etch6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-client\", reference:\"5.0.32-7etch6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-client-5.0\", reference:\"5.0.32-7etch6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-common\", reference:\"5.0.32-7etch6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-server\", reference:\"5.0.32-7etch6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-server-4.1\", reference:\"5.0.32-7etch6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-server-5.0\", reference:\"5.0.32-7etch6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:24", "description": "The remote host is affected by the vulnerability described in GLSA-200809-04\n(MySQL: Privilege bypass)\n\n Sergei Golubchik reported that MySQL imposes no restrictions on the\n specification of 'DATA DIRECTORY' or 'INDEX DIRECTORY' in SQL 'CREATE\n TABLE' statements.\n \nImpact :\n\n An authenticated remote attacker could create MyISAM tables, specifying\n DATA or INDEX directories that contain future table files by other\n database users, or existing table files in the MySQL data directory,\n gaining access to those tables.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2008-09-05T00:00:00", "title": "GLSA-200809-04 : MySQL: Privilege bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "modified": "2008-09-05T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mysql"], "id": "GENTOO_GLSA-200809-04.NASL", "href": "https://www.tenable.com/plugins/nessus/34093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200809-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34093);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2079\");\n script_xref(name:\"GLSA\", value:\"200809-04\");\n\n script_name(english:\"GLSA-200809-04 : MySQL: Privilege bypass\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200809-04\n(MySQL: Privilege bypass)\n\n Sergei Golubchik reported that MySQL imposes no restrictions on the\n specification of 'DATA DIRECTORY' or 'INDEX DIRECTORY' in SQL 'CREATE\n TABLE' statements.\n \nImpact :\n\n An authenticated remote attacker could create MyISAM tables, specifying\n DATA or INDEX directories that contain future table files by other\n database users, or existing table files in the MySQL data directory,\n gaining access to those tables.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200809-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MySQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.0.60-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 5.0.60-r1\"), vulnerable:make_list(\"lt 5.0.60-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:54", "description": "Sergei Golubchik found that MySQL did not properly validate optional\ndata or index directory paths given in a CREATE TABLE statement; as\nwell it would not, under certain conditions, prevent two databases\nfrom using the same paths for data or index files. This could allow an\nauthenticated user with appropriate privilege to create tables in one\ndatabase to read and manipulate data in tables later created in other\ndatabases, regardless of GRANT privileges (CVE-2008-2079).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : mysql (MDVSA-2008:149)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mysql-doc", "p-cpe:/a:mandriva:linux:mysql-ndb-management", "p-cpe:/a:mandriva:linux:mysql-bench", "p-cpe:/a:mandriva:linux:mysql", "p-cpe:/a:mandriva:linux:libmysql-devel", "p-cpe:/a:mandriva:linux:lib64mysql15", "p-cpe:/a:mandriva:linux:mysql-max", "p-cpe:/a:mandriva:linux:mysql-ndb-tools", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:lib64mysql-static-devel", "p-cpe:/a:mandriva:linux:mysql-ndb-storage", "p-cpe:/a:mandriva:linux:mysql-common", "p-cpe:/a:mandriva:linux:mysql-ndb-extra", "p-cpe:/a:mandriva:linux:mysql-client", "p-cpe:/a:mandriva:linux:lib64mysql-devel", "p-cpe:/a:mandriva:linux:libmysql-static-devel", "p-cpe:/a:mandriva:linux:libmysql15"], "id": "MANDRIVA_MDVSA-2008-149.NASL", "href": "https://www.tenable.com/plugins/nessus/37407", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:149. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37407);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2079\");\n script_bugtraq_id(29106);\n script_xref(name:\"MDVSA\", value:\"2008:149\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mysql (MDVSA-2008:149)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sergei Golubchik found that MySQL did not properly validate optional\ndata or index directory paths given in a CREATE TABLE statement; as\nwell it would not, under certain conditions, prevent two databases\nfrom using the same paths for data or index files. This could allow an\nauthenticated user with appropriate privilege to create tables in one\ndatabase to read and manipulate data in tables later created in other\ndatabases, regardless of GRANT privileges (CVE-2008-2079).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64mysql-devel-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64mysql-static-devel-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64mysql15-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libmysql-devel-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libmysql-static-devel-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libmysql15-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-bench-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-client-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-common-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-doc-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-max-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-ndb-extra-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-ndb-management-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-ndb-storage-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-ndb-tools-5.0.51a-8.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:53:44", "description": "The version of MySQL installed on the remote host reportedly allows a\nlocal user to circumvent privileges through creation of MyISAM tables\nusing the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite\nexisting table files in the application's data directory.", "edition": 25, "published": "2008-05-09T00:00:00", "title": "MySQL 4.1 < 4.1.24 MyISAM Create Table Privilege Check Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2079"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_4_1_24.NASL", "href": "https://www.tenable.com/plugins/nessus/32137", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32137);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/16 14:09:12\");\n\n script_cve_id(\"CVE-2008-2079\");\n script_bugtraq_id(29106);\n script_xref(name:\"Secunia\", value:\"30134\");\n\n script_name(english:\"MySQL 4.1 < 4.1.24 MyISAM Create Table Privilege Check Bypass\");\n script_summary(english:\"Checks version of MySQL 4.1 Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server allows a local user to circumvent\nprivileges.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host reportedly allows a\nlocal user to circumvent privileges through creation of MyISAM tables\nusing the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite\nexisting table files in the application's data directory.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.mysql.com/bug.php?id=32167\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 4.1.24 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_require_keys(\"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"mysql_func.inc\");\n\n\n# nb: banner checks of open source software are prone to false-\n# positives so only run the check if reporting is paranoid.\nif (report_paranoia < 2)\n exit(1, \"This plugin only runs if 'Report paranoia' is set to 'Paranoid'.\");\n\nport = get_service(svc:\"mysql\", default:3306, exit_on_fail:TRUE);\n\nif (mysql_init(port:port, exit_on_fail:TRUE) == 1)\n{\n ver = mysql_get_version();\n\n if (strlen(ver) && ver =~ \"^4\\.1\\.([0-9]|1[0-9]|2[0-3])($|[^0-9])\")\n {\n if (report_verbosity > 0)\n {\n report = '\\nThe remote MySQL version is :\\n\\n '+ver+'\\n';\n datadir = get_kb_item('mysql/' + port + '/datadir');\n if (!empty_or_null(datadir))\n {\n report += ' Data Dir : ' + datadir + '\\n';\n }\n databases = get_kb_item('mysql/' + port + '/databases');\n if (!empty_or_null(databases))\n { \n report += ' Databases :\\n' + databases;\n }\n security_note(port:port, extra:report);\n }\n else security_note(port);\n }\n}\nmysql_close();\n", "cvss": {"score": 3.5, "vector": "AV:L/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:15", "description": "The database server mySQL was updated to fix two security problems :\n\n - MySQL allowed local users to bypass certain privilege\n checks by calling CREATE TABLE on a MyISAM table with\n modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY\n arguments that are within the MySQL home data directory,\n which can point to tables that are created in the\n future. (CVE-2008-2079)\n\n - sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x\n before 5.1.14 allows remote authenticated users to cause\n a denial of service (crash) via an EXPLAIN SELECT FROM\n on the INFORMATION_SCHEMA table, as originally\n demonstrated using ORDER BY. (CVE-2006-7232)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : MySQL (YOU Patch Number 12175)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7232", "CVE-2008-2079"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12175.NASL", "href": "https://www.tenable.com/plugins/nessus/41217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41217);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7232\", \"CVE-2008-2079\");\n\n script_name(english:\"SuSE9 Security Update : MySQL (YOU Patch Number 12175)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The database server mySQL was updated to fix two security problems :\n\n - MySQL allowed local users to bypass certain privilege\n checks by calling CREATE TABLE on a MyISAM table with\n modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY\n arguments that are within the MySQL home data directory,\n which can point to tables that are created in the\n future. (CVE-2008-2079)\n\n - sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x\n before 5.1.14 allows remote authenticated users to cause\n a denial of service (crash) via an EXPLAIN SELECT FROM\n on the INFORMATION_SCHEMA table, as originally\n demonstrated using ORDER BY. (CVE-2006-7232)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2079.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12175.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_cwe_id(89, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"mysql-4.0.18-32.35\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mysql-Max-4.0.18-32.35\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mysql-client-4.0.18-32.35\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mysql-devel-4.0.18-32.35\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mysql-shared-4.0.18-32.35\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:46:46", "description": "The database server mySQL was updated to fix two security problems :\n\n - MySQL allowed local users to bypass certain privilege\n checks by calling CREATE TABLE on a MyISAM table with\n modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY\n arguments that are within the MySQL home data directory,\n which can point to tables that are created in the\n future. (CVE-2008-2079)\n\n - sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x\n before 5.1.14 allows remote authenticated users to cause\n a denial of service (crash) via an EXPLAIN SELECT FROM\n on the INFORMATION_SCHEMA table, as originally\n demonstrated using ORDER BY. (CVE-2006-7232)", "edition": 24, "published": "2008-08-14T00:00:00", "title": "SuSE 10 Security Update : MySQL (ZYPP Patch Number 5338)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7232", "CVE-2008-2079"], "modified": "2008-08-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MYSQL-5338.NASL", "href": "https://www.tenable.com/plugins/nessus/33886", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33886);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7232\", \"CVE-2008-2079\");\n\n script_name(english:\"SuSE 10 Security Update : MySQL (ZYPP Patch Number 5338)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The database server mySQL was updated to fix two security problems :\n\n - MySQL allowed local users to bypass certain privilege\n checks by calling CREATE TABLE on a MyISAM table with\n modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY\n arguments that are within the MySQL home data directory,\n which can point to tables that are created in the\n future. (CVE-2008-2079)\n\n - sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x\n before 5.1.14 allows remote authenticated users to cause\n a denial of service (crash) via an EXPLAIN SELECT FROM\n on the INFORMATION_SCHEMA table, as originally\n demonstrated using ORDER BY. (CVE-2006-7232)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2079.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5338.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_cwe_id(89, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"mysql-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"mysql-client-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"mysql-devel-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"mysql-shared-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"mysql-shared-32bit-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mysql-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mysql-client-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mysql-devel-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"mysql-shared-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"mysql-shared-32bit-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"mysql-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"mysql-Max-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"mysql-client-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"mysql-devel-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"mysql-shared-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"mysql-shared-32bit-5.0.26-12.17.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mysql-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mysql-Max-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mysql-client-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mysql-devel-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"mysql-shared-5.0.26-12.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"mysql-shared-32bit-5.0.26-12.20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:54:39", "description": "The version of MySQL installed on the remote host is earlier than\n5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 and thus reportedly allows a local\nuser to circumvent privileges through creation of MyISAM tables using\nthe 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite\nexisting table files in the application's data directory. This is the\nsame flaw as CVE-2008-2079, which was not completely fixed.", "edition": 26, "published": "2012-01-16T00:00:00", "title": "MySQL < 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 MyISAM CREATE TABLE Privilege Check Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-2079"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_6_0_14_PRIV_BYPASS.NASL", "href": "https://www.tenable.com/plugins/nessus/17812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17812);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2008-4097\");\n script_bugtraq_id(29106);\n\n script_name(english:\"MySQL < 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 MyISAM CREATE TABLE Privilege Check Bypass\");\n script_summary(english:\"Checks version of MySQL Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server allows a local user to circumvent\nprivileges.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is earlier than\n5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 and thus reportedly allows a local\nuser to circumvent privileges through creation of MyISAM tables using\nthe 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite\nexisting table files in the application's data directory. This is the\nsame flaw as CVE-2008-2079, which was not completely fixed.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=32167?\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:make_list('5.0.88', '5.1.42', '5.5.0', '6.0.14'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:46:23", "description": "The database server MySQL was updated to fix a security problem :\n\nCVE-2008-2079: MySQL allowed local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the\nMySQL home data directory, which can point to tables that are created\nin the future.\n\nCVE-2006-7232: sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x\nbefore 5.1.14 allows remote authenticated users to cause a denial of\nservice (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA\ntable, as originally demonstrated using ORDER BY.", "edition": 24, "published": "2008-08-14T00:00:00", "title": "openSUSE 10 Security Update : libmysqlclient-devel (libmysqlclient-devel-5341)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7232", "CVE-2008-2079"], "modified": "2008-08-14T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:mysql-devel", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:opensuse:mysql-client", "p-cpe:/a:novell:opensuse:mysql-shared-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient_r15-32bit", "p-cpe:/a:novell:opensuse:mysql-tools", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:mysql-Max", "p-cpe:/a:novell:opensuse:mysql-shared", "p-cpe:/a:novell:opensuse:libmysqlclient15-32bit", "p-cpe:/a:novell:opensuse:mysql-debug", "p-cpe:/a:novell:opensuse:libmysqlclient_r15", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:mysql-bench", "p-cpe:/a:novell:opensuse:libmysqlclient15"], "id": "SUSE_LIBMYSQLCLIENT-DEVEL-5341.NASL", "href": "https://www.tenable.com/plugins/nessus/33885", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmysqlclient-devel-5341.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33885);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7232\", \"CVE-2008-2079\");\n\n script_name(english:\"openSUSE 10 Security Update : libmysqlclient-devel (libmysqlclient-devel-5341)\");\n script_summary(english:\"Check for the libmysqlclient-devel-5341 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The database server MySQL was updated to fix a security problem :\n\nCVE-2008-2079: MySQL allowed local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the\nMySQL home data directory, which can point to tables that are created\nin the future.\n\nCVE-2006-7232: sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x\nbefore 5.1.14 allows remote authenticated users to cause a denial of\nservice (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA\ntable, as originally demonstrated using ORDER BY.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmysqlclient-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_cwe_id(89, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-shared\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-shared-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-5.0.26-12.17.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-Max-5.0.26-12.17.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-bench-5.0.26-12.17.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-client-5.0.26-12.17.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-devel-5.0.26-12.17.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-shared-5.0.26-12.17.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"mysql-shared-32bit-5.0.26-12.17.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mysql-5.0.26-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mysql-Max-5.0.26-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mysql-bench-5.0.26-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mysql-client-5.0.26-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mysql-debug-5.0.26-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mysql-devel-5.0.26-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"mysql-shared-5.0.26-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"mysql-shared-32bit-5.0.26-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libmysqlclient-devel-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libmysqlclient15-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libmysqlclient_r15-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mysql-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mysql-Max-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mysql-bench-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mysql-client-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mysql-debug-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"mysql-tools-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libmysqlclient15-32bit-5.0.45-22.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libmysqlclient_r15-32bit-5.0.45-22.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:54:48", "description": "The version of MySQL Enterprise Server 5.0 installed on the remote\nhost is earlier than 5.0.70. In such versions, it is possible for a\nlocal user to circumvent privileges through the creation of MyISAM\ntables employing the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to\noverwrite existing table files in the application's data directory. \n\nNote that this issue was supposed to have been addressed in version\n5.0.60, but the fix was incomplete.", "edition": 27, "published": "2008-11-09T00:00:00", "title": "MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4098", "CVE-2008-2079"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_ES_5_0_70.NASL", "href": "https://www.tenable.com/plugins/nessus/34727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34727);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-4098\");\n script_bugtraq_id(29106);\n\n script_name(english:\"MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass\");\n script_summary(english:\"Checks version of MySQL Enterprise Server 5.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is susceptible to a privilege bypass\nattack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL Enterprise Server 5.0 installed on the remote\nhost is earlier than 5.0.70. In such versions, it is possible for a\nlocal user to circumvent privileges through the creation of MyISAM\ntables employing the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to\noverwrite existing table files in the application's data directory. \n\nNote that this issue was supposed to have been addressed in version\n5.0.60, but the fix was incomplete.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.mysql.com/bug.php?id=32167\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-70.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2008/09/09/20\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2008/09/16/3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise version 5.0.70 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"mysql_func.inc\");\n\n\nport = get_service(svc:\"mysql\", default:3306, exit_on_fail:TRUE);\n\nif (mysql_init(port:port, exit_on_fail:TRUE) == 1)\n{\n variant = mysql_get_variant();\n version = mysql_get_version();\n\n if (\n \"Enterprise \" >< variant && \n strlen(version) && \n version =~ \"^5\\.0\\.([0-9]|[1-6][0-9])($|[^0-9])\"\n )\n {\n if (report_verbosity > 0)\n {\n report =\n '\\nThe remote MySQL '+variant+'\\'s version is :\\n'+\n ' '+version+'\\n';\n datadir = get_kb_item('mysql/' + port + '/datadir');\n if (!empty_or_null(datadir))\n {\n report += ' Data Dir : ' + datadir + '\\n';\n }\n databases = get_kb_item('mysql/' + port + '/databases');\n if (!empty_or_null(databases))\n { \n report += ' Databases :\\n' + databases;\n }\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n }\n}\nmysql_close();\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], "description": "It&#39;s possible to specify file of different database in CREATE TABLE.", "edition": 1, "modified": "2008-11-10T00:00:00", "published": "2008-11-10T00:00:00", "id": "SECURITYVULNS:VULN:9164", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9164", "title": "MySQL privilege escalation", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-4030", "CVE-2009-4028", "CVE-2008-4098", "CVE-2008-2079", "CVE-2009-4019"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:012\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : mysql\r\n Date : January 17, 2010\r\n Affected: 2009.1, 2010.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in mysql:\r\n \r\n mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does\r\n not &#40;1&#41; properly handle errors during execution of certain SELECT\r\n statements with subqueries, and does not &#40;2&#41; preserve certain\r\n null_value flags during execution of statements that use the\r\n GeomFromWKB function, which allows remote authenticated users to\r\n cause a denial of service &#40;daemon crash&#41; via a crafted statement\r\n &#40;CVE-2009-4019&#41;.\r\n \r\n The vio_verify_callback function in viosslfactories.c in MySQL\r\n 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used,\r\n accepts a value of zero for the depth of X.509 certificates, which\r\n allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL\r\n servers via a crafted certificate, as demonstrated by a certificate\r\n presented by a server linked against the yaSSL library &#40;CVE-2009-4028&#41;.\r\n \r\n MySQL 5.1.x before 5.1.41 allows local users to bypass certain\r\n privilege checks by calling CREATE TABLE on a MyISAM table with\r\n modified &#40;1&#41; DATA DIRECTORY or &#40;2&#41; INDEX DIRECTORY arguments\r\n that are originally associated with pathnames without symlinks,\r\n and that can point to tables created at a future time at which a\r\n pathname is modified to contain a symlink to a subdirectory of the\r\n MySQL data home directory, related to incorrect calculation of the\r\n mysql_unpacked_real_data_home value. NOTE: this vulnerability exists\r\n because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079\r\n &#40;CVE-2009-4030&#41;.\r\n \r\n The updated packages have been patched to correct these\r\n issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded\r\n to the latest stable 5.1 release &#40;5.1.42&#41;.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4019\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4028\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4030\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-35.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-37.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-38.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-39.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-40.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-42.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.1:\r\n 2052354eb2f57325cc5a351aa8e7fa17 2009.1/i586/libmysql16-5.1.42-0.1mdv2009.1.i586.rpm\r\n f8b86535e2b9304340b95fc6b5e5ed53 2009.1/i586/libmysql-devel-5.1.42-0.1mdv2009.1.i586.rpm\r\n 0b2b4f3359a6b44614daf30e921faebf 2009.1/i586/libmysql-static-devel-5.1.42-0.1mdv2009.1.i586.rpm\r\n 0a007a4249e801fcf6ba7112c79e125b 2009.1/i586/mysql-5.1.42-0.1mdv2009.1.i586.rpm\r\n 87664cc60c044a8415d54d4e1169556c 2009.1/i586/mysql-bench-5.1.42-0.1mdv2009.1.i586.rpm\r\n ec0a34be2a2abd3890e3b6163099231b 2009.1/i586/mysql-client-5.1.42-0.1mdv2009.1.i586.rpm\r\n 5f1526147c19c5dac3d5e926e75e6108 2009.1/i586/mysql-common-5.1.42-0.1mdv2009.1.i586.rpm\r\n 53894c10ef4d4e1384d55bf6d957d03b 2009.1/i586/mysql-doc-5.1.42-0.1mdv2009.1.i586.rpm\r\n af10d4d0e4efb516dc8228df3b6e0b04 2009.1/i586/mysql-max-5.1.42-0.1mdv2009.1.i586.rpm\r\n a950628d61d6941c5334040527b187b3 2009.1/i586/mysql-ndb-extra-5.1.42-0.1mdv2009.1.i586.rpm\r\n 5ef3d1368951afda87ce339ac3f40702 2009.1/i586/mysql-ndb-management-5.1.42-0.1mdv2009.1.i586.rpm\r\n 939043e470320d048c61ba731e58eedb 2009.1/i586/mysql-ndb-storage-5.1.42-0.1mdv2009.1.i586.rpm\r\n b575199f57235a93ab35f1d21b09106b 2009.1/i586/mysql-ndb-tools-5.1.42-0.1mdv2009.1.i586.rpm \r\n 7da4fea0d689631b6dc395cd5e80607e 2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 83694bc1ab6c44f9ad081a385db8e137 2009.1/x86_64/lib64mysql16-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n efeb723e6c2f03878d3c7a98c70b08fc 2009.1/x86_64/lib64mysql-devel-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 36dd02fdbc2fbb752cee1d5dd80b2687 2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 6d0f276c904e851e94e21fd33064bf84 2009.1/x86_64/mysql-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 783bb174310ca9f2d713f83cf6d1ef88 2009.1/x86_64/mysql-bench-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 4e63f4cc681ea7647a4a6d741b272a5b 2009.1/x86_64/mysql-client-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 0387ea642a706affc7ea43996786995b 2009.1/x86_64/mysql-common-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 57a3b2e0d7f89cf6c529317f96aa175d 2009.1/x86_64/mysql-doc-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 754919090d5355395a2f36025b0a6370 2009.1/x86_64/mysql-max-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n f7b6cff4ab3d2679107c8b5a1f0d1209 2009.1/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 526aec7bd783d54a9ba354098f88cb53 2009.1/x86_64/mysql-ndb-management-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 5c21900db14347e6e04979e9edeafc7c 2009.1/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 3011a3d4a3a83b563933909446c4e5a2 2009.1/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2009.1.x86_64.rpm \r\n 7da4fea0d689631b6dc395cd5e80607e 2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n d8b966d905db88c7a5f78b350b2d197b 2010.0/i586/libmysql16-5.1.42-0.1mdv2010.0.i586.rpm\r\n 97890a292a3ad4bfbb9a12bbf4526b65 2010.0/i586/libmysql-devel-5.1.42-0.1mdv2010.0.i586.rpm\r\n abdfe57c2b25ff668b9f972efa4bec28 2010.0/i586/libmysql-static-devel-5.1.42-0.1mdv2010.0.i586.rpm\r\n de115ca3e80cb4a54970590eae0caf74 2010.0/i586/mysql-5.1.42-0.1mdv2010.0.i586.rpm\r\n b1af15f0e00bd2824092dac21d28a59d 2010.0/i586/mysql-bench-5.1.42-0.1mdv2010.0.i586.rpm\r\n 67beec0620551eb817d09e4dd2ed32a6 2010.0/i586/mysql-client-5.1.42-0.1mdv2010.0.i586.rpm\r\n e7979f8b6015a750d09593478cfcccc2 2010.0/i586/mysql-common-5.1.42-0.1mdv2010.0.i586.rpm\r\n 1e403dda77399cac91522b99c5a77a94 2010.0/i586/mysql-common-core-5.1.42-0.1mdv2010.0.i586.rpm\r\n c06bcd5a5c0acb43f270f5d7ace9d417 2010.0/i586/mysql-core-5.1.42-0.1mdv2010.0.i586.rpm\r\n 155d7edf8bf7760c644733671d04dda2 2010.0/i586/mysql-doc-5.1.42-0.1mdv2010.0.i586.rpm\r\n 8a7c42ba34efd2f8f1c74491f30bac7c 2010.0/i586/mysql-max-5.1.42-0.1mdv2010.0.i586.rpm\r\n 1d1eb124a30062c8229eacee947fab6b 2010.0/i586/mysql-ndb-extra-5.1.42-0.1mdv2010.0.i586.rpm\r\n e6133a08e26f7983f9cb9b7b67b75ca9 2010.0/i586/mysql-ndb-management-5.1.42-0.1mdv2010.0.i586.rpm\r\n 9372040b6d57968315f459a688a7fdab 2010.0/i586/mysql-ndb-storage-5.1.42-0.1mdv2010.0.i586.rpm\r\n a74218625b766d72ae38c2c1476cf3e6 2010.0/i586/mysql-ndb-tools-5.1.42-0.1mdv2010.0.i586.rpm \r\n ca60b4ffe2c95cb2db29a1a1e2523924 2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 2930d2e7a334341d082bdec1c2ad261f 2010.0/x86_64/lib64mysql16-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 8ca967411d87705edcced52cc8281744 2010.0/x86_64/lib64mysql-devel-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 71af52b4b8cd37ec37141fe56b0bea1c 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n f8ff5f7cdd6054da4c81e3a741d9fb22 2010.0/x86_64/mysql-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 2b7d818a2edd120aba01e525fc51e647 2010.0/x86_64/mysql-bench-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 4896e7cfb9818e740de6586d6de18e8f 2010.0/x86_64/mysql-client-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 7904e902d0dd12a611fef6d4fe74d188 2010.0/x86_64/mysql-common-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 4ad977d5b0a3d8bd29d482f35ee41516 2010.0/x86_64/mysql-common-core-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 72ae82e587c92165a72467e30560b42f 2010.0/x86_64/mysql-core-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 7585cdb1a7065c522d3d71c91c13071f 2010.0/x86_64/mysql-doc-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 50936bad8898af9a9ecbab9f51a884c5 2010.0/x86_64/mysql-max-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 2ef542022c6437fa4df25e7b46c804dd 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n b20519b0f4fb8ca438c8105a1305b45d 2010.0/x86_64/mysql-ndb-management-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 32d5eb57ba08af5420e44777ea2bbd98 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 607848d02f7cffdf3169c7dbce65e75f 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2010.0.x86_64.rpm \r\n ca60b4ffe2c95cb2db29a1a1e2523924 2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFLU3VUmqjQ0CJFipgRAmhhAJ91sCoRByeEVFdzAULLmfs0t6vOsACaArA+\r\nfPZMuPMkwgub9aN1Xva9v1Q=\r\n=2/XR\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-01-19T00:00:00", "published": "2010-01-19T00:00:00", "id": "SECURITYVULNS:DOC:23063", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23063", "title": "[ MDVSA-2010:012 ] mysql", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:26:04", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963", "CVE-2008-2079"], "description": "It was discovered that MySQL could be made to overwrite existing table \nfiles in the data directory. An authenticated user could use the \nDATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege \nchecks. This update alters table creation behaviour by disallowing the \nuse of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY \noptions. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)\n\nIt was discovered that MySQL did not handle empty bit-string literals \nproperly. An attacker could exploit this problem and cause the MySQL \nserver to crash, leading to a denial of service. (CVE-2008-3963)", "edition": 5, "modified": "2008-11-17T00:00:00", "published": "2008-11-17T00:00:00", "id": "USN-671-1", "href": "https://ubuntu.com/security/notices/USN-671-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2446", "CVE-2008-4456", "CVE-2008-3963", "CVE-2008-2079"], "description": "[5.0.77-3]\n- Add fix for CVE-2009-2446 (format string vulnerability in COM_CREATE_DB and\n COM_DROP_DB processing)\nResolves: #512200\n[5.0.77-2]\n- Back-port upstream fix for CVE-2008-4456 (mysql command line client XSS flaw)\nResolves: #502169\n[5.0.77-1]\n- Update to MySQL 5.0.77, for numerous fixes described at\n http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-77.html\n including low-priority security issues CVE-2008-2079, CVE-2008-3963\nResolves: #448487, #448534, #452824, #453156, #455619, #456875\nResolves: #457218, #462534, #470036, #476896, #479615\n- Improve mysql.init to pass configured datadir to mysql_install_db,\n and to force user=mysql for both mysql_install_db and mysqld_safe.\nResolves: #450178\n- Fix mysql.init to wait correctly when socket is not in default place\nResolves: #435494\n ", "edition": 4, "modified": "2009-09-08T00:00:00", "published": "2009-09-08T00:00:00", "id": "ELSA-2009-1289", "href": "http://linux.oracle.com/errata/ELSA-2009-1289.html", "title": "mysql security and bug fix update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:04", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4031", "CVE-2007-5925", "CVE-2007-5969", "CVE-2007-2691", "CVE-2008-2079", "CVE-2006-3469"], "description": "[4.1.22-2]\n- Back-patch three upstream security fixes from 4.1.23 and 4.1.24\nResolves: #445321\n[4.1.22-1]\n- Update to not-so-new-anymore upstream version 4.1.22\nResolves: #278461, #327771, #218009, #201988\n- Use default port number if out-of-range port number is specified\nResolves: #206067\n- Sync mysql.init with current Fedora initscript; this includes the following:\n- Use a less hacky method of getting default values in initscript\nResolves: #233771\n- Update default /etc/my.cnf ([mysql.server] has been bogus for a long time)\n- Dont chmod -R the entire database directory tree on every startup\nResolves: #221085\n- Fix init script to return status 1 on server start timeout\nResolves: #203910\n- Fix mysql.init to wait correctly when socket is not in default place\n[4.1.20-4.RHEL4.1]\n- Back-port upstream fixes for CVE-2007-5925, CVE-2007-5969.\nResolves: #422191", "edition": 4, "modified": "2008-08-01T00:00:00", "published": "2008-08-01T00:00:00", "id": "ELSA-2008-0768", "href": "http://linux.oracle.com/errata/ELSA-2008-0768.html", "title": "mysql security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2446", "CVE-2008-4456", "CVE-2008-3963", "CVE-2008-2079"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1289\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nMySQL did not correctly check directories used as arguments for the DATA\nDIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\nattacker could elevate their access privileges to tables created by other\ndatabase users. Note: This attack does not work on existing tables. An\nattacker can only elevate their access to another user's tables as the\ntables are created. As well, the names of these created tables need to be\npredicted correctly for this attack to succeed. (CVE-2008-2079)\n\nA flaw was found in the way MySQL handles an empty bit-string literal. A\nremote, authenticated attacker could crash the MySQL server daemon (mysqld)\nif they used an empty bit-string literal in an SQL statement. This issue\nonly caused a temporary denial of service, as the MySQL daemon was\nautomatically restarted after the crash. (CVE-2008-3963)\n\nAn insufficient HTML entities quoting flaw was found in the mysql command\nline client's HTML output mode. If an attacker was able to inject arbitrary\nHTML tags into data stored in a MySQL database, which was later retrieved\nusing the mysql command line client and its HTML output mode, they could\nperform a cross-site scripting (XSS) attack against victims viewing the\nHTML output in a web browser. (CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server logs\nuser commands when creating and deleting databases. A remote, authenticated\nattacker with permissions to CREATE and DROP databases could use these\nflaws to formulate a specifically-crafted SQL command that would cause a\ntemporary denial of service (open connections to mysqld are terminated).\n(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld\n\"--log\" command line option or the \"log\" option in \"/etc/my.cnf\") must be\nenabled. This logging is not enabled by default.\n\nThis update also fixes multiple bugs. Details regarding these bugs can be\nfound in the Red Hat Enterprise Linux 5.4 Technical Notes. You can find a\nlink to the Technical Notes in the References section of this errata.\n\nNote: These updated packages upgrade MySQL to version 5.0.77 to incorporate\nnumerous upstream bug fixes. Details of these changes are found in the\nfollowing MySQL Release Notes:\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html\n\nAll MySQL users are advised to upgrade to these updated packages, which\nresolve these issues. After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/028181.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/028182.html\n\n**Affected packages:**\nmysql\nmysql-bench\nmysql-devel\nmysql-server\nmysql-test\n\n**Upstream details at:**\n", "edition": 3, "modified": "2009-09-15T18:28:46", "published": "2009-09-15T18:28:45", "href": "http://lists.centos.org/pipermail/centos-announce/2009-September/028182.html", "id": "CESA-2009:1289", "title": "mysql security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:20:17", "bulletinFamily": "unix", "cvelist": ["CVE-2006-7232", "CVE-2008-1803", "CVE-2008-1447", "CVE-2008-3337", "CVE-2007-6389", "CVE-2008-1802", "CVE-2008-2233", "CVE-2008-1801", "CVE-2008-2079", "CVE-2008-2234"], "description": "The openwsman project provides an implementation of the Web Service Management specification. The SuSE Security-Team has found two critical issues in the code: - two remote buffer overflows while decoding the HTTP basic authentication header (CVE-2008-2234) - a possible SSL session replay attack affecting the client (depending on the configuration) (CVE-2008-2233) Both issues were fixed.\n#### Solution\nPlease install the fixed package.", "edition": 1, "modified": "2008-08-14T18:02:43", "published": "2008-08-14T18:02:43", "id": "SUSE-SA:2008:041", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00003.html", "title": "remote code execution in openwsman", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}