FreeBSD : mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (738f8f9e-d661-11dd-a765-0030843d3802)
2008-12-30T00:00:00
ID FREEBSD_PKG_738F8F9ED66111DDA7650030843D3802.NASL Type nessus Reporter This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2008-12-30T00:00:00
Description
MySQL Team reports :
Additional corrections were made for the symlink-related privilege
problem originally addressed. The original fix did not correctly
handle the data directory pathname if it contained symlinked
directories in its path, and the check was made only at table-creation
time, not at table-opening time later.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2019 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: this branch only declares the plugin's metadata and then
# exits, so none of the package tests further down run from here.
if (description)
{
  # Plugin identity and revision.
  script_id(35279);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # CVE-2008-2079 is the original MyISAM DATA DIRECTORY / INDEX DIRECTORY
  # privilege bypass. NVD records CVE-2008-4097 as an incomplete fix for it and
  # CVE-2008-4098 as an incomplete fix for CVE-2008-4097, which is why one
  # advisory carries all three.
  script_cve_id("CVE-2008-2079", "CVE-2008-4097", "CVE-2008-4098");

  script_name(english:"FreeBSD : mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (738f8f9e-d661-11dd-a765-0030843d3802)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  # Synopsis and description are multi-line string literals; the line breaks
  # inside the quotes are part of the text shown in the report.
  script_set_attribute(attribute:"synopsis", value:
"The remote FreeBSD host is missing one or more security-related
updates.");
  script_set_attribute(attribute:"description", value:
"MySQL Team reports :
Additional corrections were made for the symlink-related privilege
problem originally addressed. The original fix did not correctly
handle the data directory pathname if it contained symlinked
directories in its path, and the check was made only at table-creation
time, not at table-opening time later.");

  # References. The comment above each call names the page the reference
  # stands for; some values are nessus.org short links instead of that URL.

  # http://bugs.mysql.com/bug.php?id=32167
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=32167");
  # http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html");
  # http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?88f9bfef");
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html");
  # http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?df7b1822");
  # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25");
  # https://vuxml.freebsd.org/freebsd/738f8f9e-d661-11dd-a765-0030843d3802.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6f845491");

  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # CVSS v2 base vector: network access vector, high access complexity, single
  # authentication, partial confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P");
  # CWE-59 (link following) and CWE-264 (permissions, privileges and access
  # controls).
  script_cwe_id(59, 264);

  # "local" plugin: per the summary above, the verdict comes from pkg_info
  # output gathered on the host, not from probing the MySQL service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  # Timeline: vulnerability published, fix published, plugin published.
  script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  # ssh_get_info.nasl is declared as a dependency; the KB keys required below
  # are presumably populated by it (confirm against that plugin).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
# Preconditions: stop with the matching audit reason unless local checks are
# enabled, the host was identified as FreeBSD, and a pkg_info listing exists.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release"))
  audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Affected version windows, one per MySQL release branch. The upper bound of
# each window is the first fixed release for that branch. Per the file header,
# these package checks were extracted from the FreeBSD VuXML database.
#
# Scope caveat for whoever triages the result: only the package name
# "mysql-server" is tested, and the verdict rests on the installed package
# version alone. A MySQL server installed under another package name or
# outside the package system will not match and falls through to the
# "not affected" audit below, so confirm such hosts by other means.
flag = 0;

foreach vuln_range (make_list(
  "mysql-server>=4.1<4.1.25",
  "mysql-server>=5.0<5.0.75",
  "mysql-server>=5.1<5.1.28",
  "mysql-server>=6.0<6.0.6"
))
{
  # Every window is evaluated, even after a hit, so that each matching
  # package is saved into the report.
  if (pkg_test(save_report:TRUE, pkg:vuln_range)) flag++;
}

if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the saved package report only when the scan's verbosity asks for it.
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
{"id": "FREEBSD_PKG_738F8F9ED66111DDA7650030843D3802.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (738f8f9e-d661-11dd-a765-0030843d3802)", "description": "MySQL Team reports :\n\nAdditional corrections were made for the symlink-related privilege\nproblem originally addressed. The original fix did not correctly\nhandle the data directory pathname if it contained symlinked\ndirectories in its path, and the check was made only at table-creation\ntime, not at table-opening time later.", "published": "2008-12-30T00:00:00", "modified": "2008-12-30T00:00:00", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/35279", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?6f845491", "http://www.nessus.org/u?88f9bfef", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25", "https://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html", "https://bugs.mysql.com/bug.php?id=32167", "http://www.nessus.org/u?df7b1822", "https://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html"], "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], "type": "nessus", "lastseen": "2021-01-07T10:45:41", "edition": 27, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2079", "CVE-2008-4097", "CVE-2008-4098"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9747", "SECURITYVULNS:VULN:9164", "SECURITYVULNS:DOC:21488", "SECURITYVULNS:DOC:20846", "SECURITYVULNS:DOC:23063"]}, {"type": "freebsd", "idList": ["738F8F9E-D661-11DD-A765-0030843D3802", "388D9EE4-7F22-11DD-A66A-0019666436C2"]}, {"type": "openvas", "idList": ["OPENVAS:63095", "OPENVAS:136141256231065610", "OPENVAS:65884", "OPENVAS:65610", "OPENVAS:136141256231063095", "OPENVAS:1361412562310100156", "OPENVAS:63872", 
"OPENVAS:840292", "OPENVAS:61852", "OPENVAS:136141256231063872"]}, {"type": "ubuntu", "idList": ["USN-671-1"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2009-094.NASL", "UBUNTU_USN-671-1.NASL", "REDHAT-RHSA-2010-0110.NASL", "MYSQL_6_0_14_PRIV_BYPASS.NASL", "DEBIAN_DSA-1662.NASL", "REDHAT-RHSA-2009-1289.NASL", "MYSQL_ES_5_0_70.NASL", "CENTOS_RHSA-2010-0110.NASL", "SUSE9_12256.NASL", "ORACLELINUX_ELSA-2010-0110.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1608-1:D1E27", "DEBIAN:DSA-1662-1:D64CF"]}, {"type": "gentoo", "idList": ["GLSA-200809-04"]}, {"type": "seebug", "idList": ["SSV:3280"]}, {"type": "redhat", "idList": ["RHSA-2008:0510", "RHSA-2010:0110"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0110"]}, {"type": "centos", "idList": ["CESA-2010:0110"]}], "modified": "2021-01-07T10:45:41", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-01-07T10:45:41", "rev": 2}, "vulnersScore": 6.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35279);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-4097\", \"CVE-2008-4098\");\n\n script_name(english:\"FreeBSD : mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (738f8f9e-d661-11dd-a765-0030843d3802)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MySQL Team reports :\n\nAdditional corrections were made for the symlink-related privilege\nproblem originally addressed. 
The original fix did not correctly\nhandle the data directory pathname if it contained symlinked\ndirectories in its path, and the check was made only at table-creation\ntime, not at table-opening time later.\"\n );\n # http://bugs.mysql.com/bug.php?id=32167\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=32167\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html\"\n );\n # http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88f9bfef\"\n );\n # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html\"\n );\n # http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df7b1822\"\n );\n # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25\"\n );\n # https://vuxml.freebsd.org/freebsd/738f8f9e-d661-11dd-a765-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f845491\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_cwe_id(59, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/03\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=4.1<4.1.25\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=5.0<5.0.75\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=5.1<5.1.28\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=6.0<6.0.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "35279", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql-server", "cpe:/o:freebsd:freebsd"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:51:02", "description": "MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.\nPer http://www.securityfocus.com/bid/29106 this vulnerability is remotely exploitable.\r\n", "edition": 5, "cvss3": {}, "published": "2008-09-18T15:04:00", "title": "CVE-2008-4097", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4097"], "modified": "2020-02-18T19:22:00", "cpe": ["cpe:/a:oracle:mysql:5.0.51a"], "id": "CVE-2008-4097", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4097", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.0.51a:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:02", "description": "MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.", "edition": 4, "cvss3": {}, "published": "2008-09-18T15:04:00", "title": "CVE-2008-4098", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4098"], "modified": "2019-12-17T20:26:00", "cpe": ["cpe:/a:mysql:mysql:5.0.4", "cpe:/a:oracle:mysql:5.0.60", "cpe:/a:mysql:mysql:5.0.0", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/a:oracle:mysql:5.0.28", "cpe:/a:oracle:mysql:5.0.30", "cpe:/a:mysql:mysql:5.0.5", "cpe:/a:oracle:mysql:5.0.38", "cpe:/a:oracle:mysql:5.0.51", "cpe:/a:mysql:mysql:5.0.66", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/a:mysql:mysql:5.0.60", "cpe:/a:oracle:mysql:5.0.23", "cpe:/a:mysql:mysql:5.0.1", "cpe:/a:mysql:mysql:5.0.24", "cpe:/a:oracle:mysql:5.0.26", "cpe:/a:oracle:mysql:5.0.48", "cpe:/a:oracle:mysql:5.0.36", "cpe:/a:oracle:mysql:5.0.46", "cpe:/a:oracle:mysql:5.0.32", "cpe:/a:mysql:mysql:5.0.20", "cpe:/a:oracle:mysql:5.0.52", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:debian:debian_linux:5.0", "cpe:/a:mysql:mysql:5.0.30", "cpe:/a:oracle:mysql:5.0.58", "cpe:/a:mysql:mysql:5.0.3", "cpe:/a:oracle:mysql:5.0.45", "cpe:/a:mysql:mysql:5.0.54", "cpe:/a:mysql:mysql:5.0.2", "cpe:/a:oracle:mysql:5.0.41", "cpe:/a:oracle:mysql:5.0.40", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/a:mysql:mysql:5.0.16", "cpe:/a:oracle:mysql:5.0.66", "cpe:/a:oracle:mysql:5.0.34", "cpe:/a:oracle:mysql:5.0.44", "cpe:/a:oracle:mysql:5.0.64", "cpe:/a:mysql:mysql:5.0.56", "cpe:/a:mysql:mysql:5.0.44", 
"cpe:/a:oracle:mysql:5.0.25", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/a:mysql:mysql:5.0.15", "cpe:/a:oracle:mysql:5.0.56", "cpe:/a:oracle:mysql:5.0.62", "cpe:/a:mysql:mysql:5.0.36", "cpe:/a:mysql:mysql:5.0.10", "cpe:/a:oracle:mysql:5.0.50", "cpe:/a:oracle:mysql:5.0.42", "cpe:/a:mysql:mysql:5.0.17"], "id": "CVE-2008-4098", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4098", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:22", "description": "MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.\nPer http://www.securityfocus.com/bid/29106 and http://secunia.com/advisories/32222, this vulnerability is remotely exploitable.", "edition": 6, "cvss3": {}, "published": "2008-05-05T16:20:00", "title": "CVE-2008-2079", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 
4.6, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2079"], "modified": "2019-12-17T15:25:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/o:canonical:ubuntu_linux:8.04"], "id": "CVE-2008-2079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2079", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"]}], "freebsd": [{"lastseen": "2019-05-29T18:34:19", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], "description": "\nMySQL Team reports:\n\nAdditional corrections were made for the symlink-related privilege\n\t problem originally addressed. 
The original fix did not correctly\n\t handle the data directory pathname if it contained symlinked\n\t directories in its path, and the check was made only at\n\t table-creation time, not at table-opening time later.\n\n", "edition": 4, "modified": "2008-07-03T00:00:00", "published": "2008-07-03T00:00:00", "id": "738F8F9E-D661-11DD-A765-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/738f8f9e-d661-11dd-a765-0030843d3802.html", "title": "mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths", "type": "freebsd", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2079"], "description": "\nSecurityFocus reports:\n\nMySQL is prone to a security-bypass vulnerability.\n\t An attacker can exploit this issue to overwrite existing\n\t table files in the MySQL data directory, bypassing certain\n\t security restrictions.\n\n", "edition": 4, "modified": "2008-10-10T00:00:00", "published": "2008-05-05T00:00:00", "id": "388D9EE4-7F22-11DD-A66A-0019666436C2", "href": "https://vuxml.freebsd.org/freebsd/388d9ee4-7f22-11dd-a66a-0019666436c2.html", "title": "mysql -- MyISAM table privileges security bypass vulnerability", "type": "freebsd", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], "description": "It's possible to specify file of different database in CREATE TABLE.", "edition": 1, "modified": "2008-11-10T00:00:00", "published": "2008-11-10T00:00:00", "id": "SECURITYVULNS:VULN:9164", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9164", "title": "MySQL privilege escalation", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:28", "bulletinFamily": 
"software", "cvelist": ["CVE-2008-4097", "CVE-2008-4098"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1662-1 security@debian.org\r\nhttp://www.debian.org/security/ Devin Carraway\r\nNovember 06, 2008 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : mysql-dfsg-5.0\r\nVulnerability : authorization bypass\r\nProblem type : local\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2008-4098\r\nDebian Bug : 480292\r\n\r\nA symlink traversal vulnerability was discovered in MySQL, a\r\nrelational database server. The weakness could permit an attacker\r\nhaving both CREATE TABLE access to a database and the ability to\r\nexecute shell commands on the database server to bypass MySQL access\r\ncontrols, enabling them to write to tables in databases to which they\r\nwould not ordinarily have access.\r\n\r\nThe Common Vulnerabilities and Exposures project identifies this\r\nvulnerability as CVE-2008-4098. Note that a closely aligned issue,\r\nidentified as CVE-2008-4097, was prevented by the update announced in\r\nDSA-1608-1. 
This new update supercedes that fix and mitigates both\r\npotential attack vectors.\r\n\r\nFor the stable distribution (etch), this problem has been fixed in\r\nversion 5.0.32-7etch8.\r\n\r\nWe recommend that you upgrade your mysql packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz\r\n Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch8.dsc\r\n Size/MD5 checksum: 1117 6456a5396b56431a31e2121805ef3208\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch8.diff.gz\r\n Size/MD5 checksum: 269277 bc749451446872ac8c8567ed60b0eea6\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch8_all.deb\r\n Size/MD5 checksum: 48142 761dce88bf46026622550e503800d4c3\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch8_all.deb\r\n Size/MD5 checksum: 54452 64140dddeb7bd50098ddc6222b4d2939\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch8_all.deb\r\n Size/MD5 checksum: 46068 
0a67c6a61d08bf716c0af68da1585563\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_alpha.deb\r\n Size/MD5 checksum: 8405572 ceda4648a1bbc48f087f8763350c04e7\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_alpha.deb\r\n Size/MD5 checksum: 27385278 b5435c8d77f64e1855300e1988570333\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_alpha.deb\r\n Size/MD5 checksum: 8909972 e76dc32887c4baf25721eff971aa9d60\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_alpha.deb\r\n Size/MD5 checksum: 48170 c6eb1472bb6cf4fad708c23dd9a78cf8\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_alpha.deb\r\n Size/MD5 checksum: 1947544 73d751f95dc5604d159df910a3157f45\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_amd64.deb\r\n Size/MD5 checksum: 1831314 6ed359b8f2fb92c5c9846a3743e4b0f8\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_amd64.deb\r\n Size/MD5 checksum: 7549266 ca948f5c66f2172927acd9e5cbf7c9ae\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_amd64.deb\r\n Size/MD5 checksum: 7371842 7ff54b963be65b5e7d18425cd313bbcb\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_amd64.deb\r\n Size/MD5 checksum: 48178 127af2553cc1fd9e89f1f69a2eb44709\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_amd64.deb\r\n Size/MD5 checksum: 25813464 06dc8568f055c04dc4ddfd19de79a704\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_arm.deb\r\n Size/MD5 
checksum: 48230 2a5b1b7b2ed8c94301fc60bd49be7991\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_arm.deb\r\n Size/MD5 checksum: 7208004 9e268d05c77d521dbe0366961534cdf2\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_arm.deb\r\n Size/MD5 checksum: 25347882 b89ba96f815a27ebe70014d8c16e6bc0\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_arm.deb\r\n Size/MD5 checksum: 6930850 21ec3a8f5a6634454db8dec30fea9e65\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_arm.deb\r\n Size/MD5 checksum: 1748390 1877d302ebc91e8ccf104ba2d75479a6\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_hppa.deb\r\n Size/MD5 checksum: 27178846 d5b6eb3072bb2e8f2d114b182701a736\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_hppa.deb\r\n Size/MD5 checksum: 8060958 f4d89fec611eb37939d98f3e52391b21\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_hppa.deb\r\n Size/MD5 checksum: 48174 be34e4d2b05e4b294f5a3396611d4126\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_hppa.deb\r\n Size/MD5 checksum: 1920860 8ef8d38dc53e5f81eebcad330103062a\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_hppa.deb\r\n Size/MD5 checksum: 8003664 50496388e230ba0e337fadb5611c1bec\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_i386.deb\r\n Size/MD5 checksum: 1792994 2ee1e253198f7f67be79b40fbcee703a\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_i386.deb\r\n Size/MD5 checksum: 6961428 
8be34f2ed518aa47148502b93e468ac0\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_i386.deb\r\n Size/MD5 checksum: 25233474 cf39de0d83a65da443fb77e37976d19b\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_i386.deb\r\n Size/MD5 checksum: 7199354 d144813e5cd27c684cb8ff45a987159e\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_i386.deb\r\n Size/MD5 checksum: 48166 2f4ab0db379d477d4ea15191a1ff4a7c\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_ia64.deb\r\n Size/MD5 checksum: 2115810 09e39bed782c6c2e7d689aa999adbfb1\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_ia64.deb\r\n Size/MD5 checksum: 10342902 c091c2d6b6f02d120b513f07ecada159\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_ia64.deb\r\n Size/MD5 checksum: 9739330 f158dd90752b99efe92bca049b991696\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_ia64.deb\r\n Size/MD5 checksum: 30403740 c3daa72e6e34c54f8053887a52395e36\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_ia64.deb\r\n Size/MD5 checksum: 48170 b9f94375cccf2cb2a3aff60b232b400b\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_mips.deb\r\n Size/MD5 checksum: 7674430 311032237de0d11e91d591b006ab6e60\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_mips.deb\r\n Size/MD5 checksum: 48214 0751225fd59fce147105362c6cc30b16\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_mips.deb\r\n Size/MD5 checksum: 7759738 
74a1bd32b13f0c57f67100b6c0422d6e\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_mips.deb\r\n Size/MD5 checksum: 1835426 f425af4483842630558bdcaaba7ac1ee\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_mips.deb\r\n Size/MD5 checksum: 26472386 ed2e2a0eb36de7424d5bd03ab8f3b8f7\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_mipsel.deb\r\n Size/MD5 checksum: 25846914 766bcfbde62e9f75fc09f8892b1f6095\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_mipsel.deb\r\n Size/MD5 checksum: 7563074 fb084ab6a02dcf12fde22c740d6d63ac\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_mipsel.deb\r\n Size/MD5 checksum: 7642196 c58f251badf84dd7527f6bcf74bc1846\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_mipsel.deb\r\n Size/MD5 checksum: 48174 92fe38d06aac7ca0a1ff1a26f5858704\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_mipsel.deb\r\n Size/MD5 checksum: 1789960 0864b73e16d14ed1776879d3ef2ab5c1\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_powerpc.deb\r\n Size/MD5 checksum: 7575148 351f97505dde5ce74808b38008a04d1f\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_powerpc.deb\r\n Size/MD5 checksum: 7513654 5d9f12246f363b4eaab281e6c37ccf48\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_powerpc.deb\r\n Size/MD5 checksum: 26169508 81c25c622b35bec7d709f8fef4b3ba03\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_powerpc.deb\r\n Size/MD5 checksum: 
48174 43cdd4b621fa97e345162fb5a11c3321\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_powerpc.deb\r\n Size/MD5 checksum: 1833008 a031cdc91532615006e3433ea1a2b9cc\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_s390.deb\r\n Size/MD5 checksum: 48172 b15d4493389f2d371d933b3cfec9dbfa\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_s390.deb\r\n Size/MD5 checksum: 7508416 7950a277db319634c2a61162c531d9f8\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_s390.deb\r\n Size/MD5 checksum: 1952408 4035d4b30041b76cdad65f5093d0191e\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_s390.deb\r\n Size/MD5 checksum: 26765686 38ad49284aa88c6157c496f5583e81b4\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_s390.deb\r\n Size/MD5 checksum: 7414890 b61ee866d423474e4e76e68527d09b31\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_sparc.deb\r\n Size/MD5 checksum: 7159698 8ec6e96934ed76dbae21d28ebb701f02\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_sparc.deb\r\n Size/MD5 checksum: 25578698 e0cd9496cac89eb22ba854b3e10ca96b\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_sparc.deb\r\n Size/MD5 checksum: 7028544 fa58c135613be17bd723fea6c4f4de0d\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_sparc.deb\r\n Size/MD5 checksum: 1798226 b1a13379770a9b860a6328176c93eecd\r\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_sparc.deb\r\n Size/MD5 checksum: 48218 
9e6c78e0ae63d91c3361ff106ca0d4a7\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (GNU/Linux)\r\n\r\niD8DBQFJEmvqU5XKDemr/NIRAtjFAKD0b1I33j80Z6JworeVVlNHKuW4yQCfVusE\r\nI5MOY2TVITMgVkkzs7IrQTw=\r\n=5+yr\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2008-11-10T00:00:00", "published": "2008-11-10T00:00:00", "id": "SECURITYVULNS:DOC:20846", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20846", "title": "[SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-4097", "CVE-2005-2573", "CVE-2008-4098"], "description": "Hello,\r\n\r\nCVE-2005-2573 is reported for MySQL 4.1.x before 4.1.13 and MySQL 5.0\r\n before 5.0.7. However. I tested this vulnerability in MySQL 5.0.51a on\r\n Windows xp sp2, and found this version vulnerable too.\r\n\r\nAccording to CVE-2008-4098, that is reported because of an incomplete fix for CVE-2008-4097, i think this vulnerability should be reported again for an incomplete fix.\r\n\r\nI tested CVE-2005-2573 in MySQL 5.0.51a and windows XP again and found this vulnerability isn't fixed. 
Here are the steps I took to reproduce this vulnerability.\r\n\r\nExample: \r\n\r\n1) mysql> INSERT INTO mysql.func (name,dl) VALUES ('lib_mysqludf_udf','C:\Program F\r\n\r\niles\MySQL\MySQL Server 5.0\lib/lib_mysqludf_udf.dll') ;\r\n\r\nQuery OK, 1 row affected (0.00 sec)\r\n\r\n \r\n\r\n2) mysql> CREATE FUNCTION lib_mysqludf_udf_info\r\n\r\n -> RETURNS STRING\r\n\r\n -> SONAME 'lib_mysqludf_udf.dll'\r\n\r\n -> ;\r\n\r\nQuery OK, 0 rows affected (0.02 sec)\r\n\r\n \r\n\r\n3) mysql> select lib_mysqludf_udf_info();\r\n\r\n+--------------------------------+\r\n\r\n| lib_mysqludf_udf_info() |\r\n\r\n+--------------------------------+\r\n\r\n| lib_mysqludf_sys version 0.0.2 |\r\n\r\n+--------------------------------+\r\n\r\n1 row in set (0.00 sec)\r\n\r\n(Also, saving the dll file in another directory (i.e. E:\..\..\), gives the same result)\r\n\r\n \r\n\r\nmysql> delete from func where name='lib_mysqludf_udf' and dl='C:\Program Files\My\r\n\r\nSQL\MySQL Server 5.0\lib/lib_mysqludf_udf.dll' ;\r\n\r\nQuery OK, 1 row affected (0.00 sec)\r\n\r\n \r\n\r\nmysql> INSERT INTO mysql.func (name,dl) VALUES ('lib_mysqludf_udf','E:\project\l\r\n\r\nib_mysqludf_udf\release/lib_mysqludf_udf.dll') ;\r\n\r\nQuery OK, 1 row affected (0.00 sec)\r\n\r\n \r\n\r\nmysql> CREATE FUNCTION udf_arg_count\r\n\r\n -> RETURNS INTEGER\r\n\r\n -> SONAME 'lib_mysqludf_udf.dll'\r\n\r\n -> ;\r\n\r\nQuery OK, 0 rows affected (0.00 sec)\r\n\r\n \r\n\r\nmysql> select udf_arg_count(1,2,3,4);\r\n\r\n+------------------------+\r\n\r\n| udf_arg_count(1,2,3,4) |\r\n\r\n+------------------------+\r\n\r\n| 4 |\r\n\r\n+------------------------+\r\n\r\n1 row in set (0.00 sec)\r\n\r\n\r\nPlease verify and send your opinion about this.\r\nI'm waiting for your mail.\r\n\r\nRegards\r\nRahimeh.Khodadadi\r\n Network Security Center of Sharif University of Iran", "edition": 1, "modified": "2009-03-17T00:00:00", "published": "2009-03-17T00:00:00", "id": "SECURITYVULNS:DOC:21488", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:21488", "title": "reporting CVE", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-4030", "CVE-2009-4028", "CVE-2008-4098", "CVE-2008-2079", "CVE-2009-4019"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:012\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : mysql\r\n Date : January 17, 2010\r\n Affected: 2009.1, 2010.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in mysql:\r\n \r\n mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does\r\n not (1) properly handle errors during execution of certain SELECT\r\n statements with subqueries, and does not (2) preserve certain\r\n null_value flags during execution of statements that use the\r\n GeomFromWKB function, which allows remote authenticated users to\r\n cause a denial of service (daemon crash) via a crafted statement\r\n (CVE-2009-4019).\r\n \r\n The vio_verify_callback function in viosslfactories.c in MySQL\r\n 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used,\r\n accepts a value of zero for the depth of X.509 certificates, which\r\n allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL\r\n servers via a crafted certificate, as demonstrated by a certificate\r\n presented by a server linked against the yaSSL library (CVE-2009-4028).\r\n \r\n MySQL 5.1.x before 5.1.41 allows local users to bypass certain\r\n privilege checks by calling CREATE TABLE on a MyISAM table with\r\n modified (1) DATA DIRECTORY or (2) INDEX 
DIRECTORY arguments\r\n that are originally associated with pathnames without symlinks,\r\n and that can point to tables created at a future time at which a\r\n pathname is modified to contain a symlink to a subdirectory of the\r\n MySQL data home directory, related to incorrect calculation of the\r\n mysql_unpacked_real_data_home value. NOTE: this vulnerability exists\r\n because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079\r\n (CVE-2009-4030).\r\n \r\n The updated packages have been patched to correct these\r\n issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded\r\n to the latest stable 5.1 release (5.1.42).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4019\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4028\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4030\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-35.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-37.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-38.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-39.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-40.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html\r\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-42.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.1:\r\n 2052354eb2f57325cc5a351aa8e7fa17 2009.1/i586/libmysql16-5.1.42-0.1mdv2009.1.i586.rpm\r\n f8b86535e2b9304340b95fc6b5e5ed53 2009.1/i586/libmysql-devel-5.1.42-0.1mdv2009.1.i586.rpm\r\n 0b2b4f3359a6b44614daf30e921faebf 2009.1/i586/libmysql-static-devel-5.1.42-0.1mdv2009.1.i586.rpm\r\n 0a007a4249e801fcf6ba7112c79e125b 2009.1/i586/mysql-5.1.42-0.1mdv2009.1.i586.rpm\r\n 87664cc60c044a8415d54d4e1169556c 
2009.1/i586/mysql-bench-5.1.42-0.1mdv2009.1.i586.rpm\r\n ec0a34be2a2abd3890e3b6163099231b 2009.1/i586/mysql-client-5.1.42-0.1mdv2009.1.i586.rpm\r\n 5f1526147c19c5dac3d5e926e75e6108 2009.1/i586/mysql-common-5.1.42-0.1mdv2009.1.i586.rpm\r\n 53894c10ef4d4e1384d55bf6d957d03b 2009.1/i586/mysql-doc-5.1.42-0.1mdv2009.1.i586.rpm\r\n af10d4d0e4efb516dc8228df3b6e0b04 2009.1/i586/mysql-max-5.1.42-0.1mdv2009.1.i586.rpm\r\n a950628d61d6941c5334040527b187b3 2009.1/i586/mysql-ndb-extra-5.1.42-0.1mdv2009.1.i586.rpm\r\n 5ef3d1368951afda87ce339ac3f40702 2009.1/i586/mysql-ndb-management-5.1.42-0.1mdv2009.1.i586.rpm\r\n 939043e470320d048c61ba731e58eedb 2009.1/i586/mysql-ndb-storage-5.1.42-0.1mdv2009.1.i586.rpm\r\n b575199f57235a93ab35f1d21b09106b 2009.1/i586/mysql-ndb-tools-5.1.42-0.1mdv2009.1.i586.rpm \r\n 7da4fea0d689631b6dc395cd5e80607e 2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 83694bc1ab6c44f9ad081a385db8e137 2009.1/x86_64/lib64mysql16-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n efeb723e6c2f03878d3c7a98c70b08fc 2009.1/x86_64/lib64mysql-devel-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 36dd02fdbc2fbb752cee1d5dd80b2687 2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 6d0f276c904e851e94e21fd33064bf84 2009.1/x86_64/mysql-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 783bb174310ca9f2d713f83cf6d1ef88 2009.1/x86_64/mysql-bench-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 4e63f4cc681ea7647a4a6d741b272a5b 2009.1/x86_64/mysql-client-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 0387ea642a706affc7ea43996786995b 2009.1/x86_64/mysql-common-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 57a3b2e0d7f89cf6c529317f96aa175d 2009.1/x86_64/mysql-doc-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 754919090d5355395a2f36025b0a6370 2009.1/x86_64/mysql-max-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n f7b6cff4ab3d2679107c8b5a1f0d1209 2009.1/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 526aec7bd783d54a9ba354098f88cb53 2009.1/x86_64/mysql-ndb-management-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 
5c21900db14347e6e04979e9edeafc7c 2009.1/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2009.1.x86_64.rpm\r\n 3011a3d4a3a83b563933909446c4e5a2 2009.1/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2009.1.x86_64.rpm \r\n 7da4fea0d689631b6dc395cd5e80607e 2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n d8b966d905db88c7a5f78b350b2d197b 2010.0/i586/libmysql16-5.1.42-0.1mdv2010.0.i586.rpm\r\n 97890a292a3ad4bfbb9a12bbf4526b65 2010.0/i586/libmysql-devel-5.1.42-0.1mdv2010.0.i586.rpm\r\n abdfe57c2b25ff668b9f972efa4bec28 2010.0/i586/libmysql-static-devel-5.1.42-0.1mdv2010.0.i586.rpm\r\n de115ca3e80cb4a54970590eae0caf74 2010.0/i586/mysql-5.1.42-0.1mdv2010.0.i586.rpm\r\n b1af15f0e00bd2824092dac21d28a59d 2010.0/i586/mysql-bench-5.1.42-0.1mdv2010.0.i586.rpm\r\n 67beec0620551eb817d09e4dd2ed32a6 2010.0/i586/mysql-client-5.1.42-0.1mdv2010.0.i586.rpm\r\n e7979f8b6015a750d09593478cfcccc2 2010.0/i586/mysql-common-5.1.42-0.1mdv2010.0.i586.rpm\r\n 1e403dda77399cac91522b99c5a77a94 2010.0/i586/mysql-common-core-5.1.42-0.1mdv2010.0.i586.rpm\r\n c06bcd5a5c0acb43f270f5d7ace9d417 2010.0/i586/mysql-core-5.1.42-0.1mdv2010.0.i586.rpm\r\n 155d7edf8bf7760c644733671d04dda2 2010.0/i586/mysql-doc-5.1.42-0.1mdv2010.0.i586.rpm\r\n 8a7c42ba34efd2f8f1c74491f30bac7c 2010.0/i586/mysql-max-5.1.42-0.1mdv2010.0.i586.rpm\r\n 1d1eb124a30062c8229eacee947fab6b 2010.0/i586/mysql-ndb-extra-5.1.42-0.1mdv2010.0.i586.rpm\r\n e6133a08e26f7983f9cb9b7b67b75ca9 2010.0/i586/mysql-ndb-management-5.1.42-0.1mdv2010.0.i586.rpm\r\n 9372040b6d57968315f459a688a7fdab 2010.0/i586/mysql-ndb-storage-5.1.42-0.1mdv2010.0.i586.rpm\r\n a74218625b766d72ae38c2c1476cf3e6 2010.0/i586/mysql-ndb-tools-5.1.42-0.1mdv2010.0.i586.rpm \r\n ca60b4ffe2c95cb2db29a1a1e2523924 2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 2930d2e7a334341d082bdec1c2ad261f 2010.0/x86_64/lib64mysql16-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 8ca967411d87705edcced52cc8281744 
2010.0/x86_64/lib64mysql-devel-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 71af52b4b8cd37ec37141fe56b0bea1c 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n f8ff5f7cdd6054da4c81e3a741d9fb22 2010.0/x86_64/mysql-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 2b7d818a2edd120aba01e525fc51e647 2010.0/x86_64/mysql-bench-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 4896e7cfb9818e740de6586d6de18e8f 2010.0/x86_64/mysql-client-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 7904e902d0dd12a611fef6d4fe74d188 2010.0/x86_64/mysql-common-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 4ad977d5b0a3d8bd29d482f35ee41516 2010.0/x86_64/mysql-common-core-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 72ae82e587c92165a72467e30560b42f 2010.0/x86_64/mysql-core-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 7585cdb1a7065c522d3d71c91c13071f 2010.0/x86_64/mysql-doc-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 50936bad8898af9a9ecbab9f51a884c5 2010.0/x86_64/mysql-max-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 2ef542022c6437fa4df25e7b46c804dd 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n b20519b0f4fb8ca438c8105a1305b45d 2010.0/x86_64/mysql-ndb-management-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 32d5eb57ba08af5420e44777ea2bbd98 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2010.0.x86_64.rpm\r\n 607848d02f7cffdf3169c7dbce65e75f 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2010.0.x86_64.rpm \r\n ca60b4ffe2c95cb2db29a1a1e2523924 2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFLU3VUmqjQ0CJFipgRAmhhAJ91sCoRByeEVFdzAULLmfs0t6vOsACaArA+\r\nfPZMuPMkwgub9aN1Xva9v1Q=\r\n=2/XR\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-01-19T00:00:00", "published": "2010-01-19T00:00:00", "id": "SECURITYVULNS:DOC:23063", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23063", "title": "[ MDVSA-2010:012 ] mysql", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2005-2573", "CVE-2008-4098"], "description": "It's possible to load dynamic library from any location; functions are still available after library is unloaded.", "edition": 1, "modified": "2009-03-17T00:00:00", "published": "2009-03-17T00:00:00", "id": "SECURITYVULNS:VULN:9747", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9747", "title": "MySQL dynamic functions loading vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2020-06-11T17:54:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], "description": "According to its version number, the remote version of MySQL is\n prone to a security-bypass vulnerability.", "modified": 
"2020-06-09T00:00:00", "published": "2009-04-23T00:00:00", "id": "OPENVAS:1361412562310100156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100156", "type": "openvas", "title": "MySQL MyISAM Table Privileges Security Bypass Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MySQL MyISAM Table Privileges Security Bypass Vulnerability\n#\n# Authors\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mysql:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100156\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 21:21:19 +0200 (Thu, 23 Apr 2009)\");\n script_bugtraq_id(29106);\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-4097\", \"CVE-2008-4098\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"MySQL MyISAM Table Privileges Security Bypass Vulnerability\");\n script_category(ACT_GATHER_INFO);\n 
script_family(\"Databases\");\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"mysql_version.nasl\");\n script_mandatory_keys(\"MySQL/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/29106\");\n\n script_tag(name:\"summary\", value:\"According to its version number, the remote version of MySQL is\n prone to a security-bypass vulnerability.\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to gain access to table files created by\n other users, bypassing certain security restrictions.\");\n\n script_tag(name:\"insight\", value:\"NOTE 1: This issue was also assigned CVE-2008-4097 because\n CVE-2008-2079 was incompletely fixed, allowing symlink attacks.\n\n NOTE 2: CVE-2008-4098 was assigned because fixes for the vector\n described in CVE-2008-4097 can also be bypassed.\");\n\n script_tag(name:\"affected\", value:\"This issue affects versions prior to MySQL 4 (prior to 4.1.24) and\n MySQL 5 (prior to 5.0.60).\");\n\n script_tag(name:\"solution\", value:\"Updates are available, please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!ver = get_app_version(cpe:CPE, port:port)) exit(0);\n\nif(version_in_range(version:ver, test_version:\"4.0\", test_version2:\"4.1.23\") ||\n version_in_range(version:ver, test_version:\"5.0\", test_version2:\"5.0.59\") ) {\n report = report_fixed_ver(installed_version:ver, fixed_version:\"4.1.24/5.0.60\");\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:39:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], 
"description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-01-02T00:00:00", "id": "OPENVAS:136141256231063095", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063095", "type": "openvas", "title": "FreeBSD Ports: mysql-server", "sourceData": "#\n#VID 738f8f9e-d661-11dd-a765-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 738f8f9e-d661-11dd-a765-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-server\n\nCVE-2008-2079\nMySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24,\nand 6.0.x before 6.0.5 allows local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the\nMySQL home data directory, which can point to tables that are created\nin the future.\nCVE-2008-4097\nMySQL 5.0.51a allows local users to bypass certain privilege checks by\ncalling CREATE TABLE on a MyISAM table with modified (1) DATA\nDIRECTORY or (2) INDEX DIRECTORY arguments that are associated with\nsymlinks within pathnames for subdirectories of the MySQL home data\ndirectory, which are followed when tables are created in the future.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2008-2079.\nCVE-2008-4098\nMySQL before 5.0.67 allows local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally\nassociated with pathnames without symlinks, and that can point to\ntables created at a future time at which a pathname is modified to\ncontain a symlink to a subdirectory of the MySQL home data directory.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2008-4097.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware 
upgrades.\n\nhttp://bugs.mysql.com/bug.php?id=32167\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html\nhttp://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html\nhttp://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25\nhttp://www.vuxml.org/freebsd/738f8f9e-d661-11dd-a765-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63095\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-02 18:22:54 +0100 (Fri, 02 Jan 2009)\");\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-4097\", \"CVE-2008-4098\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: mysql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.1\")>=0 && revcomp(a:bver, b:\"4.1.25\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0\")>=0 && revcomp(a:bver, b:\"5.0.75\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.1\")>=0 && revcomp(a:bver, b:\"5.1.28\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0\")>=0 && revcomp(a:bver, b:\"6.0.6\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": 
"2009-01-02T00:00:00", "id": "OPENVAS:63095", "href": "http://plugins.openvas.org/nasl.php?oid=63095", "type": "openvas", "title": "FreeBSD Ports: mysql-server", "sourceData": "#\n#VID 738f8f9e-d661-11dd-a765-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 738f8f9e-d661-11dd-a765-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-server\n\nCVE-2008-2079\nMySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24,\nand 6.0.x before 6.0.5 allows local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the\nMySQL home data directory, which can point to tables that are created\nin the future.\nCVE-2008-4097\nMySQL 5.0.51a allows local users to bypass certain privilege checks by\ncalling CREATE TABLE on a MyISAM table with modified (1) DATA\nDIRECTORY or (2) INDEX DIRECTORY arguments that are associated with\nsymlinks within pathnames for subdirectories 
of the MySQL home data\ndirectory, which are followed when tables are created in the future.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2008-2079.\nCVE-2008-4098\nMySQL before 5.0.67 allows local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally\nassociated with pathnames without symlinks, and that can point to\ntables created at a future time at which a pathname is modified to\ncontain a symlink to a subdirectory of the MySQL home data directory.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2008-4097.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.mysql.com/bug.php?id=32167\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html\nhttp://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html\nhttp://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25\nhttp://www.vuxml.org/freebsd/738f8f9e-d661-11dd-a765-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63095);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-02 18:22:54 +0100 (Fri, 02 Jan 2009)\");\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-4097\", \"CVE-2008-4098\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: mysql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.1\")>=0 && revcomp(a:bver, b:\"4.1.25\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0\")>=0 && revcomp(a:bver, b:\"5.0.75\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.1\")>=0 && revcomp(a:bver, b:\"5.1.28\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0\")>=0 && revcomp(a:bver, b:\"6.0.6\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:28:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963", "CVE-2008-2079"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-671-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": 
"OPENVAS:840292", "href": "http://plugins.openvas.org/nasl.php?oid=840292", "type": "openvas", "title": "Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_671_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that MySQL could be made to overwrite existing table\n files in the data directory. An authenticated user could use the\n DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege\n checks. This update alters table creation behaviour by disallowing the\n use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY\n options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)\n\n It was discovered that MySQL did not handle empty bit-string literals\n properly. An attacker could exploit this problem and cause the MySQL\n server to crash, leading to a denial of service. 
(CVE-2008-3963)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-671-1\";\ntag_affected = \"mysql-dfsg-5.0 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 7.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-671-1/\");\n script_id(840292);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"671-1\");\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-3963\", \"CVE-2008-4097\", \"CVE-2008-4098\");\n script_name( \"Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmysqlclient15-dev\", ver:\"5.0.22-0ubuntu6.06.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libmysqlclient15off\", ver:\"5.0.22-0ubuntu6.06.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.0_5.0.22-0ubuntu6.06.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.0_5.0.22-0ubuntu6.06.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.0.22-0ubuntu6.06.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.0.22-0ubuntu6.06.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.0.22-0ubuntu6.06.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmysqlclient15-dev\", ver:\"5.0.51a-3ubuntu5.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmysqlclient15off\", ver:\"5.0.51a-3ubuntu5.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.0_5.0.51a-3ubuntu5.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.0_5.0.51a-3ubuntu5.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.0.51a-3ubuntu5.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.0.51a-3ubuntu5.4\", rls:\"UBUNTU8.04 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.0.51a-3ubuntu5.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmysqlclient15-dev\", ver:\"5.0.45-1ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmysqlclient15off\", ver:\"5.0.45-1ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.0_5.0.45-1ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.0_5.0.45-1ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.0.45-1ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.0.45-1ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.0.45-1ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4456", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963", "CVE-2008-2079"], "description": "The remote host is missing an update to mysql\nannounced via advisory MDVSA-2009:094.", "modified": "2018-04-06T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:136141256231063872", "href": 
"http://plugins.openvas.org/nasl.php?oid=136141256231063872", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:094 (mysql)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_094.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:094 (mysql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in mysql:\n\nMySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6\ndoes not properly handle a b'' (b single-quote single-quote) token,\naka an empty bit-string literal, which allows remote attackers to\ncause a denial of service (daemon crash) by using this token in a\nSQL statement (CVE-2008-3963).\n\nMySQL 5.0.51a allows local users to bypass certain privilege checks by\ncalling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY\nor (2) INDEX DIRECTORY arguments that are associated with symlinks\nwithin pathnames for subdirectories of the MySQL home data directory,\nwhich are followed when tables are created in the future. NOTE: this\nvulnerability exists because of an incomplete fix for CVE-2008-2079\n(CVE-2008-4097).\n\nMySQL before 5.0.67 allows local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally\nassociated with pathnames without symlinks, and that can point to\ntables created at a future time at which a pathname is modified\nto contain a symlink to a subdirectory of the MySQL home data\ndirectory. 
NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2008-4097 (CVE-2008-4098).\n\nCross-site scripting (XSS) vulnerability in the command-line client\nin MySQL 5.0.26 through 5.0.45, when the --html option is enabled,\nallows attackers to inject arbitrary web script or HTML by placing\nit in a database cell, which might be accessed by this client when\ncomposing an HTML document (CVE-2008-4456).\n\nbugs in the Mandriva Linux 2008.1 packages that has been fixed:\n\no upstream fix for mysql bug35754 (#38398, #44691)\no fix #46116 (initialization file mysqld-max don't show correct\napplication status)\no fix upstream bug 42366\n\nbugs in the Mandriva Linux 2009.0 packages that has been fixed:\n\no upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097,\nCVE-2008-4098)\no no need to workaround #38398, #44691 anymore (since 5.0.75)\no fix upstream bug 42366\no fix #46116 (initialization file mysqld-max don't show correct\napplication status)\no sphinx-0.9.8.1\n\nbugs in the Mandriva Linux Corporate Server 4 packages that has\nbeen fixed:\no fix upstream bug 42366\no fix #46116 (initialization file mysqld-max don't show correct\napplication status)\n\nThe updated packages have been patched to correct these issues.\n\nAffected: 2008.1, 2009.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:094\";\ntag_summary = \"The remote host is missing an update to mysql\nannounced via advisory MDVSA-2009:094.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63872\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2008-3963\", \"CVE-2008-2079\", \"CVE-2008-4097\", \"CVE-2008-4098\", \"CVE-2008-4456\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:094 (mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-static-devel\", 
rpm:\"libmysql-static-devel~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4456", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963", "CVE-2008-2079"], "description": "The remote host is missing an update to mysql\nannounced via advisory MDVSA-2009:094.", "modified": "2017-07-06T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:63872", "href": "http://plugins.openvas.org/nasl.php?oid=63872", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:094 (mysql)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_094.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:094 (mysql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in mysql:\n\nMySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6\ndoes not properly handle a b'' (b single-quote single-quote) token,\naka an empty bit-string literal, which allows remote attackers to\ncause a denial of service (daemon crash) by using this token in a\nSQL statement (CVE-2008-3963).\n\nMySQL 5.0.51a allows local users to bypass certain privilege checks by\ncalling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY\nor (2) INDEX DIRECTORY arguments that are associated with symlinks\nwithin pathnames for subdirectories of the MySQL home data directory,\nwhich are followed when tables are created in the future. 
NOTE: this\nvulnerability exists because of an incomplete fix for CVE-2008-2079\n(CVE-2008-4097).\n\nMySQL before 5.0.67 allows local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally\nassociated with pathnames without symlinks, and that can point to\ntables created at a future time at which a pathname is modified\nto contain a symlink to a subdirectory of the MySQL home data\ndirectory. NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2008-4097 (CVE-2008-4098).\n\nCross-site scripting (XSS) vulnerability in the command-line client\nin MySQL 5.0.26 through 5.0.45, when the --html option is enabled,\nallows attackers to inject arbitrary web script or HTML by placing\nit in a database cell, which might be accessed by this client when\ncomposing an HTML document (CVE-2008-4456).\n\nbugs in the Mandriva Linux 2008.1 packages that has been fixed:\n\no upstream fix for mysql bug35754 (#38398, #44691)\no fix #46116 (initialization file mysqld-max don't show correct\napplication status)\no fix upstream bug 42366\n\nbugs in the Mandriva Linux 2009.0 packages that has been fixed:\n\no upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097,\nCVE-2008-4098)\no no need to workaround #38398, #44691 anymore (since 5.0.75)\no fix upstream bug 42366\no fix #46116 (initialization file mysqld-max don't show correct\napplication status)\no sphinx-0.9.8.1\n\nbugs in the Mandriva Linux Corporate Server 4 packages that has\nbeen fixed:\no fix upstream bug 42366\no fix #46116 (initialization file mysqld-max don't show correct\napplication status)\n\nThe updated packages have been patched to correct these issues.\n\nAffected: 2008.1, 2009.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:094\";\ntag_summary = \"The remote host is missing an update to mysql\nannounced via advisory MDVSA-2009:094.\";\n\n \n\nif(description)\n{\n script_id(63872);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2008-3963\", \"CVE-2008-2079\", \"CVE-2008-4097\", \"CVE-2008-4098\", \"CVE-2008-4456\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:094 (mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) 
!= NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.51a~8.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.77~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.45~7.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040120 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065610", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065610", "type": "openvas", "title": "SLES9: Security update for MySQL", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5040120.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for MySQL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040120 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65610\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-4097\", \"CVE-2008-4098\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for MySQL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.0.18~32.37\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040120 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65610", "href": "http://plugins.openvas.org/nasl.php?oid=65610", "type": "openvas", "title": "SLES9: Security update for MySQL", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5040120.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for MySQL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040120 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65610);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-4097\", \"CVE-2008-4098\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for MySQL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.0.18~32.37\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098"], "description": "The remote host is missing an update to mysql-dfsg-5.0\nannounced via advisory DSA 1662-1.", "modified": "2017-07-07T00:00:00", "published": "2008-11-19T00:00:00", "id": "OPENVAS:61852", "href": "http://plugins.openvas.org/nasl.php?oid=61852", "type": "openvas", "title": "Debian Security Advisory DSA 1662-1 (mysql-dfsg-5.0)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1662_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1662-1 (mysql-dfsg-5.0)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A symlink traversal vulnerability was discovered in MySQL, a\nrelational database server. The weakness could permit an attacker\nhaving both CREATE TABLE access to a database and the ability to\nexecute shell commands on the database server to bypass MySQL access\ncontrols, enabling them to write to tables in databases to which they\nwould not ordinarily have access.\n\nThe Common Vulnerabilities and Exposures project identifies this\nvulnerability as CVE-2008-4098. Note that a closely aligned issue,\nidentified as CVE-2008-4097, was prevented by the update announced in\nDSA-1608-1. 
This new update supercedes that fix and mitigates both\npotential attack vectors.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch8.\n\nWe recommend that you upgrade your mysql packages.\";\ntag_summary = \"The remote host is missing an update to mysql-dfsg-5.0\nannounced via advisory DSA 1662-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201662-1\";\n\n\nif(description)\n{\n script_id(61852);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-19 16:52:57 +0100 (Wed, 19 Nov 2008)\");\n script_cve_id(\"CVE-2008-4098\", \"CVE-2008-4097\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1662-1 (mysql-dfsg-5.0)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.0.32-7etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.0.32-7etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.0.32-7etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.0\", ver:\"5.0.32-7etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.0\", ver:\"5.0.32-7etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient15-dev\", ver:\"5.0.32-7etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-4.1\", ver:\"5.0.32-7etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient15off\", ver:\"5.0.32-7etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963"], "description": "The remote host is missing updates to packages that 
affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65884", "href": "http://plugins.openvas.org/nasl.php?oid=65884", "type": "openvas", "title": "SLES10: Security update for MySQL", "sourceData": "#\n#VID slesp2-mysql-5618\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for MySQL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n mysql-client\n mysql-devel\n mysql-shared\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65884);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3963\", \"CVE-2008-4097\", \"CVE-2008-4098\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for MySQL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.26~12.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-Max\", rpm:\"mysql-Max~5.0.26~12.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.26~12.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~5.0.26~12.22\", rls:\"SLES10.0\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mysql-shared\", rpm:\"mysql-shared~5.0.26~12.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:26:04", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963", "CVE-2008-2079"], "description": "It was discovered that MySQL could be made to overwrite existing table \nfiles in the data directory. An authenticated user could use the \nDATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege \nchecks. This update alters table creation behaviour by disallowing the \nuse of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY \noptions. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)\n\nIt was discovered that MySQL did not handle empty bit-string literals \nproperly. An attacker could exploit this problem and cause the MySQL \nserver to crash, leading to a denial of service. (CVE-2008-3963)", "edition": 5, "modified": "2008-11-17T00:00:00", "published": "2008-11-17T00:00:00", "id": "USN-671-1", "href": "https://ubuntu.com/security/notices/USN-671-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-20T15:44:19", "description": "It was discovered that MySQL could be made to overwrite existing table\nfiles in the data directory. An authenticated user could use the DATA\nDIRECTORY and INDEX DIRECTORY options to possibly bypass privilege\nchecks. This update alters table creation behaviour by disallowing the\nuse of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY\noptions. 
(CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)\n\nIt was discovered that MySQL did not handle empty bit-string literals\nproperly. An attacker could exploit this problem and cause the MySQL\nserver to crash, leading to a denial of service. (CVE-2008-3963).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : mysql-dfsg-5.0 vulnerabilities (USN-671-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963", "CVE-2008-2079"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15off", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15-dev", "p-cpe:/a:canonical:ubuntu_linux:mysql-server", "p-cpe:/a:canonical:ubuntu_linux:mysql-client", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.0", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.0", "p-cpe:/a:canonical:ubuntu_linux:mysql-common", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-671-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-671-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37299);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-3963\", \"CVE-2008-4097\", \"CVE-2008-4098\");\n script_xref(name:\"USN\", value:\"671-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : mysql-dfsg-5.0 vulnerabilities (USN-671-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that MySQL could be made to overwrite existing table\nfiles in the data directory. An authenticated user could use the DATA\nDIRECTORY and INDEX DIRECTORY options to possibly bypass privilege\nchecks. This update alters table creation behaviour by disallowing the\nuse of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY\noptions. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)\n\nIt was discovered that MySQL did not handle empty bit-string literals\nproperly. An attacker could exploit this problem and cause the MySQL\nserver to crash, leading to a denial of service. (CVE-2008-3963).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/671-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_cwe_id(59, 134, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15off\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libmysqlclient15-dev\", pkgver:\"5.0.22-0ubuntu6.06.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libmysqlclient15off\", pkgver:\"5.0.22-0ubuntu6.06.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mysql-client\", pkgver:\"5.0.22-0ubuntu6.06.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mysql-client-5.0\", pkgver:\"5.0.22-0ubuntu6.06.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mysql-common\", pkgver:\"5.0.22-0ubuntu6.06.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mysql-server\", pkgver:\"5.0.22-0ubuntu6.06.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mysql-server-5.0\", pkgver:\"5.0.22-0ubuntu6.06.11\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libmysqlclient15-dev\", pkgver:\"5.0.45-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libmysqlclient15off\", pkgver:\"5.0.45-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", 
pkgname:\"mysql-client\", pkgver:\"5.0.45-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"mysql-client-5.0\", pkgver:\"5.0.45-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"mysql-common\", pkgver:\"5.0.45-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"mysql-server\", pkgver:\"5.0.45-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"mysql-server-5.0\", pkgver:\"5.0.45-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libmysqlclient15-dev\", pkgver:\"5.0.51a-3ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libmysqlclient15off\", pkgver:\"5.0.51a-3ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"mysql-client\", pkgver:\"5.0.51a-3ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"mysql-client-5.0\", pkgver:\"5.0.51a-3ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"mysql-common\", pkgver:\"5.0.51a-3ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"mysql-server\", pkgver:\"5.0.51a-3ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"mysql-server-5.0\", pkgver:\"5.0.51a-3ubuntu5.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient15-dev / libmysqlclient15off / mysql-client / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:05", "description": "Multiple vulnerabilities has been found and corrected in mysql :\n\nMySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does\nnot properly handle a b'' (b single-quote single-quote) token, aka an\nempty bit-string literal, which allows remote attackers to cause a\ndenial of service (daemon crash) by using this token in a 
SQL\nstatement (CVE-2008-3963).\n\nMySQL 5.0.51a allows local users to bypass certain privilege checks by\ncalling CREATE TABLE on a MyISAM table with modified (1) DATA\nDIRECTORY or (2) INDEX DIRECTORY arguments that are associated with\nsymlinks within pathnames for subdirectories of the MySQL home data\ndirectory, which are followed when tables are created in the future.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2008-2079 (CVE-2008-4097).\n\nMySQL before 5.0.67 allows local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally\nassociated with pathnames without symlinks, and that can point to\ntables created at a future time at which a pathname is modified to\ncontain a symlink to a subdirectory of the MySQL home data directory.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2008-4097 (CVE-2008-4098).\n\nCross-site scripting (XSS) vulnerability in the command-line client in\nMySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows\nattackers to inject arbitrary web script or HTML by placing it in a\ndatabase cell, which might be accessed by this client when composing\nan HTML document (CVE-2008-4456).\n\nBugs in the Mandriva Linux 2008.1 packages that have been fixed :\n\no upstream fix for mysql bug35754 (#38398, #44691) o fix #46116\n(initialization file mysqld-max don't show correct application status)\no fix upstream bug 42366\n\nBugs in the Mandriva Linux 2009.0 packages that have been fixed :\n\no upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097,\nCVE-2008-4098) o no need to workaround #38398, #44691 anymore (since\n5.0.75) o fix upstream bug 42366 o fix #46116 (initialization file\nmysqld-max don't show correct application status) o sphinx-0.9.8.1\n\nBugs in the Mandriva Linux Corporate Server 4 packages that have been\nfixed: o fix upstream bug 42366 o fix #46116 
(initialization file\nmysqld-max don't show correct application status)\n\nThe updated packages have been patched to correct these issues.", "edition": 27, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : mysql (MDVSA-2009:094)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4456", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963", "CVE-2008-2079"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mysql-doc", "p-cpe:/a:mandriva:linux:mysql-ndb-management", "p-cpe:/a:mandriva:linux:mysql-bench", "p-cpe:/a:mandriva:linux:mysql", "p-cpe:/a:mandriva:linux:libmysql-devel", "p-cpe:/a:mandriva:linux:lib64mysql15", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:mysql-max", "p-cpe:/a:mandriva:linux:mysql-ndb-tools", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:lib64mysql-static-devel", "p-cpe:/a:mandriva:linux:mysql-ndb-storage", "p-cpe:/a:mandriva:linux:mysql-common", "p-cpe:/a:mandriva:linux:mysql-ndb-extra", "p-cpe:/a:mandriva:linux:mysql-client", "p-cpe:/a:mandriva:linux:lib64mysql-devel", "p-cpe:/a:mandriva:linux:libmysql-static-devel", "p-cpe:/a:mandriva:linux:libmysql15"], "id": "MANDRIVA_MDVSA-2009-094.NASL", "href": "https://www.tenable.com/plugins/nessus/36943", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:094. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36943);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2008-3963\",\n \"CVE-2008-4097\",\n \"CVE-2008-4098\",\n \"CVE-2008-4456\"\n );\n script_bugtraq_id(\n 29106,\n 31081,\n 31486\n );\n script_xref(name:\"MDVSA\", value:\"2009:094\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mysql (MDVSA-2009:094)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in mysql :\n\nMySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does\nnot properly handle a b'' (b single-quote single-quote) token, aka an\nempty bit-string literal, which allows remote attackers to cause a\ndenial of service (daemon crash) by using this token in a SQL\nstatement (CVE-2008-3963).\n\nMySQL 5.0.51a allows local users to bypass certain privilege checks by\ncalling CREATE TABLE on a MyISAM table with modified (1) DATA\nDIRECTORY or (2) INDEX DIRECTORY arguments that are associated with\nsymlinks within pathnames for subdirectories of the MySQL home data\ndirectory, which are followed when tables are created in the future.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2008-2079 (CVE-2008-4097).\n\nMySQL before 5.0.67 allows local users to bypass certain privilege\nchecks by calling CREATE TABLE on a MyISAM table with modified (1)\nDATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally\nassociated with pathnames without symlinks, and that can point to\ntables created at a future time at which a pathname is 
modified to\ncontain a symlink to a subdirectory of the MySQL home data directory.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2008-4097 (CVE-2008-4098).\n\nCross-site scripting (XSS) vulnerability in the command-line client in\nMySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows\nattackers to inject arbitrary web script or HTML by placing it in a\ndatabase cell, which might be accessed by this client when composing\nan HTML document (CVE-2008-4456).\n\nbugs in the Mandriva Linux 2008.1 packages that has been fixed :\n\no upstream fix for mysql bug35754 (#38398, #44691) o fix #46116\n(initialization file mysqld-max don't show correct application status)\no fix upstream bug 42366\n\nbugs in the Mandriva Linux 2009.0 packages that has been fixed :\n\no upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097,\nCVE-2008-4098) o no need to workaround #38398, #44691 anymore (since\n5.0.75) o fix upstream bug 42366 o fix #46116 (initialization file\nmysqld-max don't show correct application status) o sphinx-0.9.8.1\n\nbugs in the Mandriva Linux Corporate Server 4 packages that has been\nfixed: o fix upstream bug 42366 o fix #46116 (initialization file\nmysqld-max don't show correct application status)\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(59, 79, 134, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64mysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64mysql-devel-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64mysql-static-devel-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64mysql15-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libmysql-devel-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libmysql-static-devel-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libmysql15-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-bench-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-client-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-common-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", 
reference:\"mysql-doc-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-max-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-ndb-extra-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-ndb-management-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-ndb-storage-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mysql-ndb-tools-5.0.51a-8.2mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64mysql-devel-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64mysql-static-devel-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64mysql15-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libmysql-devel-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libmysql-static-devel-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libmysql15-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-bench-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-client-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-common-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-doc-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", 
reference:\"mysql-max-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-ndb-extra-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-ndb-management-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-ndb-storage-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-ndb-tools-5.0.77-0.2mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:09", "description": "A symlink traversal vulnerability was discovered in MySQL, a\nrelational database server. The weakness could permit an attacker\nhaving both CREATE TABLE access to a database and the ability to\nexecute shell commands on the database server to bypass MySQL access\ncontrols, enabling them to write to tables in databases to which they\nwould not ordinarily have access.\n\nThe Common Vulnerabilities and Exposures project identifies this\nvulnerability as CVE-2008-4098. Note that a closely aligned issue,\nidentified as CVE-2008-4097, was prevented by the update announced in\nDSA-1608-1. 
This new update supersedes that fix and mitigates both\npotential attack vectors.", "edition": 25, "published": "2008-11-06T00:00:00", "title": "Debian DSA-1662-1 : mysql-dfsg-5.0 - authorization bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098"], "modified": "2008-11-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0"], "id": "DEBIAN_DSA-1662.NASL", "href": "https://www.tenable.com/plugins/nessus/34700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1662. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34700);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-4098\");\n script_bugtraq_id(29106);\n script_xref(name:\"DSA\", value:\"1662\");\n\n script_name(english:\"Debian DSA-1662-1 : mysql-dfsg-5.0 - authorization bypass\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A symlink traversal vulnerability was discovered in MySQL, a\nrelational database server. The weakness could permit an attacker\nhaving both CREATE TABLE access to a database and the ability to\nexecute shell commands on the database server to bypass MySQL access\ncontrols, enabling them to write to tables in databases to which they\nwould not ordinarily have access.\n\nThe Common Vulnerabilities and Exposures project identifies this\nvulnerability as CVE-2008-4098. 
Note that a closely aligned issue,\nidentified as CVE-2008-4097, was prevented by the update announced in\nDSA-1608-1. This new update supersedes that fix and mitigates both\npotential attack vectors.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql packages.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libmysqlclient15-dev\", reference:\"5.0.32-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmysqlclient15off\", reference:\"5.0.32-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-client\", reference:\"5.0.32-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-client-5.0\", reference:\"5.0.32-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-common\", reference:\"5.0.32-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-server\", reference:\"5.0.32-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-server-4.1\", reference:\"5.0.32-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mysql-server-5.0\", reference:\"5.0.32-7etch8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:17", "description": "Due to a flaw, users could access tables of other users. 
(CVE-2008-4097,\nCVE-2008-4098)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : MySQL (YOU Patch Number 12256)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-4098"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12256.NASL", "href": "https://www.tenable.com/plugins/nessus/41243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41243);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4097\", \"CVE-2008-4098\");\n\n script_name(english:\"SuSE9 Security Update : MySQL (YOU Patch Number 12256)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Due a flaw users could access tables of other users. 
(CVE-2008-4097,\nCVE-2008-4098)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4098.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12256.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_cwe_id(59, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"mysql-4.0.18-32.37\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mysql-Max-4.0.18-32.37\")) flag++;\nif 
(rpm_check(release:\"SUSE9\", reference:\"mysql-client-4.0.18-32.37\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mysql-devel-4.0.18-32.37\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mysql-shared-4.0.18-32.37\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:54:39", "description": "The version of MySQL installed on the remote host is earlier than\n5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 and thus reportedly allows a local\nuser to circumvent privileges through creation of MyISAM tables using\nthe 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite\nexisting table files in the application's data directory. This is the\nsame flaw as CVE-2008-2079, which was not completely fixed.", "edition": 26, "published": "2012-01-16T00:00:00", "title": "MySQL < 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 MyISAM CREATE TABLE Privilege Check Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4097", "CVE-2008-2079"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_6_0_14_PRIV_BYPASS.NASL", "href": "https://www.tenable.com/plugins/nessus/17812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17812);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2008-4097\");\n script_bugtraq_id(29106);\n\n script_name(english:\"MySQL < 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 MyISAM CREATE TABLE Privilege Check Bypass\");\n script_summary(english:\"Checks version of MySQL Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server allows a local user to circumvent\nprivileges.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The version of MySQL installed on the remote host is earlier than\n5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 and thus reportedly allows a local\nuser to circumvent privileges through creation of MyISAM tables using\nthe 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite\nexisting table files in the application's data directory. This is the\nsame flaw as CVE-2008-2079, which was not completely fixed.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=32167?\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:make_list('5.0.88', '5.1.42', '5.5.0', '6.0.14'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:54:48", "description": "The version of MySQL Enterprise Server 5.0 installed on the remote\nhost is earlier than 5.0.70. In such versions, it is possible for a\nlocal user to circumvent privileges through the creation of MyISAM\ntables employing the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to\noverwrite existing table files in the application's data directory. \n\nNote that this issue was supposed to have been addressed in version\n5.0.60, but the fix was incomplete.", "edition": 27, "published": "2008-11-09T00:00:00", "title": "MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4098", "CVE-2008-2079"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_ES_5_0_70.NASL", "href": "https://www.tenable.com/plugins/nessus/34727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34727);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-4098\");\n script_bugtraq_id(29106);\n\n script_name(english:\"MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass\");\n script_summary(english:\"Checks version of MySQL Enterprise Server 5.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is susceptible to a privilege bypass\nattack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL Enterprise Server 5.0 
installed on the remote\nhost is earlier than 5.0.70. In such versions, it is possible for a\nlocal user to circumvent privileges through the creation of MyISAM\ntables employing the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to\noverwrite existing table files in the application's data directory. \n\nNote that this issue was supposed to have been addressed in version\n5.0.60, but the fix was incomplete.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.mysql.com/bug.php?id=32167\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-70.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2008/09/09/20\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2008/09/16/3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise version 5.0.70 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"mysql_func.inc\");\n\n\nport = get_service(svc:\"mysql\", default:3306, exit_on_fail:TRUE);\n\nif (mysql_init(port:port, exit_on_fail:TRUE) == 1)\n{\n variant = mysql_get_variant();\n version = mysql_get_version();\n\n if (\n \"Enterprise \" >< variant && \n strlen(version) && \n version =~ \"^5\\.0\\.([0-9]|[1-6][0-9])($|[^0-9])\"\n )\n {\n if (report_verbosity > 0)\n {\n report =\n '\\nThe remote MySQL '+variant+'\\'s version is :\\n'+\n ' '+version+'\\n';\n datadir = get_kb_item('mysql/' + port + '/datadir');\n if (!empty_or_null(datadir))\n {\n report += ' Data Dir : ' + datadir + '\\n';\n }\n databases = get_kb_item('mysql/' + port + '/databases');\n if (!empty_or_null(databases))\n { \n report += ' Databases :\\n' + databases;\n }\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n }\n}\nmysql_close();\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:07:02", "description": "Updated mysql packages that fix various security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nMySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: This attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. 
As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. (CVE-2008-2079)\n\nA flaw was found in the way MySQL handles an empty bit-string literal.\nA remote, authenticated attacker could crash the MySQL server daemon\n(mysqld) if they used an empty bit-string literal in a SQL statement.\nThis issue only caused a temporary denial of service, as the MySQL\ndaemon was automatically restarted after the crash. (CVE-2008-3963)\n\nAn insufficient HTML entities quoting flaw was found in the mysql\ncommand line client's HTML output mode. If an attacker was able to\ninject arbitrary HTML tags into data stored in a MySQL database, which\nwas later retrieved using the mysql command line client and its HTML\noutput mode, they could perform a cross-site scripting (XSS) attack\nagainst victims viewing the HTML output in a web browser.\n(CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server\nlogs user commands when creating and deleting databases. A remote,\nauthenticated attacker with permissions to CREATE and DROP databases\ncould use these flaws to formulate a specially crafted SQL command\nthat would cause a temporary denial of service (open connections to\nmysqld are terminated). (CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the\nmysqld '--log' command line option or the 'log' option in\n'/etc/my.cnf') must be enabled. This logging is not enabled by\ndefault.\n\nThis update also fixes multiple bugs. Details regarding these bugs can\nbe found in the Red Hat Enterprise Linux 5.4 Technical Notes. You can\nfind a link to the Technical Notes in the References section of this\nerrata.\n\nNote: These updated packages upgrade MySQL to version 5.0.77 to\nincorporate numerous upstream bug fixes. 
Details of these changes are\nfound in the following MySQL Release Notes:\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html\n\nAll MySQL users are advised to upgrade to these updated packages,\nwhich resolve these issues. After installing this update, the MySQL\nserver daemon (mysqld) will be restarted automatically.", "edition": 28, "published": "2013-01-24T00:00:00", "title": "RHEL 5 : mysql (RHSA-2009:1289)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2446", "CVE-2008-4456", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963", "CVE-2008-2079"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:mysql-bench", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "REDHAT-RHSA-2009-1289.NASL", "href": "https://www.tenable.com/plugins/nessus/63890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1289. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63890);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-3963\", \"CVE-2008-4097\", \"CVE-2008-4098\", \"CVE-2008-4456\", \"CVE-2009-2446\");\n script_bugtraq_id(29106, 31081, 31486, 35609);\n script_xref(name:\"RHSA\", value:\"2009:1289\");\n\n script_name(english:\"RHEL 5 : mysql (RHSA-2009:1289)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix various security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nMySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: This attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. 
(CVE-2008-2079)\n\nA flaw was found in the way MySQL handles an empty bit-string literal.\nA remote, authenticated attacker could crash the MySQL server daemon\n(mysqld) if they used an empty bit-string literal in a SQL statement.\nThis issue only caused a temporary denial of service, as the MySQL\ndaemon was automatically restarted after the crash. (CVE-2008-3963)\n\nAn insufficient HTML entities quoting flaw was found in the mysql\ncommand line client's HTML output mode. If an attacker was able to\ninject arbitrary HTML tags into data stored in a MySQL database, which\nwas later retrieved using the mysql command line client and its HTML\noutput mode, they could perform a cross-site scripting (XSS) attack\nagainst victims viewing the HTML output in a web browser.\n(CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server\nlogs user commands when creating and deleting databases. A remote,\nauthenticated attacker with permissions to CREATE and DROP databases\ncould use these flaws to formulate a specifically-crafted SQL command\nthat would cause a temporary denial of service (open connections to\nmysqld are terminated). (CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the\nmysqld '--log' command line option or the 'log' option in\n'/etc/my.cnf') must be enabled. This logging is not enabled by\ndefault.\n\nThis update also fixes multiple bugs. Details regarding these bugs can\nbe found in the Red Hat Enterprise Linux 5.4 Technical Notes. You can\nfind a link to the Technical Notes in the References section of this\nerrata.\n\nNote: These updated packages upgrade MySQL to version 5.0.77 to\nincorporate numerous upstream bug fixes. Details of these changes are\nfound in the following MySQL Release Notes:\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html\n\nAll MySQL users are advised to upgrade to these updated packages,\nwhich resolve these issues. 
After installing this update, the MySQL\nserver daemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2446\"\n );\n # http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1289\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(59, 79, 134, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1289\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"mysql-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mysql-bench-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mysql-bench-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mysql-bench-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mysql-devel-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mysql-server-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mysql-server-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mysql-server-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mysql-test-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mysql-test-5.0.77-3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mysql-test-5.0.77-3.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server / mysql-test\");\n }\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:53", "description": "Updated mysql packages that fix various security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nMySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: This attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. (CVE-2008-2079)\n\nA flaw was found in the way MySQL handles an empty bit-string literal.\nA remote, authenticated attacker could crash the MySQL server daemon\n(mysqld) if they used an empty bit-string literal in a SQL statement.\nThis issue only caused a temporary denial of service, as the MySQL\ndaemon was automatically restarted after the crash. (CVE-2008-3963)\n\nAn insufficient HTML entities quoting flaw was found in the mysql\ncommand line client's HTML output mode. 
If an attacker was able to\ninject arbitrary HTML tags into data stored in a MySQL database, which\nwas later retrieved using the mysql command line client and its HTML\noutput mode, they could perform a cross-site scripting (XSS) attack\nagainst victims viewing the HTML output in a web browser.\n(CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server\nlogs user commands when creating and deleting databases. A remote,\nauthenticated attacker with permissions to CREATE and DROP databases\ncould use these flaws to formulate a specially crafted SQL command\nthat would cause a temporary denial of service (open connections to\nmysqld are terminated). (CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the\nmysqld '--log' command line option or the 'log' option in\n'/etc/my.cnf') must be enabled. This logging is not enabled by\ndefault.\n\nThis update also fixes multiple bugs. Details regarding these bugs can\nbe found in the Red Hat Enterprise Linux 5.4 Technical Notes. You can\nfind a link to the Technical Notes in the References section of this\nerrata.\n\nNote: These updated packages upgrade MySQL to version 5.0.77 to\nincorporate numerous upstream bug fixes. Details of these changes are\nfound in the following MySQL Release Notes:\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html\n\nAll MySQL users are advised to upgrade to these updated packages,\nwhich resolve these issues. 
After installing this update, the MySQL\nserver daemon (mysqld) will be restarted automatically.", "edition": 27, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : mysql (CESA-2009:1289)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2446", "CVE-2008-4456", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-3963", "CVE-2008-2079"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mysql-devel", "p-cpe:/a:centos:centos:mysql-server", "p-cpe:/a:centos:centos:mysql-bench", "p-cpe:/a:centos:centos:mysql-test", "p-cpe:/a:centos:centos:mysql", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1289.NASL", "href": "https://www.tenable.com/plugins/nessus/43782", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1289 and \n# CentOS Errata and Security Advisory 2009:1289 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43782);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-3963\", \"CVE-2008-4097\", \"CVE-2008-4098\", \"CVE-2008-4456\", \"CVE-2009-2446\");\n script_bugtraq_id(29106, 31081, 31486, 35609);\n script_xref(name:\"RHSA\", value:\"2009:1289\");\n\n script_name(english:\"CentOS 5 : mysql (CESA-2009:1289)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix various security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response 
Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nMySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: This attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. (CVE-2008-2079)\n\nA flaw was found in the way MySQL handles an empty bit-string literal.\nA remote, authenticated attacker could crash the MySQL server daemon\n(mysqld) if they used an empty bit-string literal in a SQL statement.\nThis issue only caused a temporary denial of service, as the MySQL\ndaemon was automatically restarted after the crash. (CVE-2008-3963)\n\nAn insufficient HTML entities quoting flaw was found in the mysql\ncommand line client's HTML output mode. If an attacker was able to\ninject arbitrary HTML tags into data stored in a MySQL database, which\nwas later retrieved using the mysql command line client and its HTML\noutput mode, they could perform a cross-site scripting (XSS) attack\nagainst victims viewing the HTML output in a web browser.\n(CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server\nlogs user commands when creating and deleting databases. A remote,\nauthenticated attacker with permissions to CREATE and DROP databases\ncould use these flaws to formulate a specifically-crafted SQL command\nthat would cause a temporary denial of service (open connections to\nmysqld are terminated). 
(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the\nmysqld '--log' command line option or the 'log' option in\n'/etc/my.cnf') must be enabled. This logging is not enabled by\ndefault.\n\nThis update also fixes multiple bugs. Details regarding these bugs can\nbe found in the Red Hat Enterprise Linux 5.4 Technical Notes. You can\nfind a link to the Technical Notes in the References section of this\nerrata.\n\nNote: These updated packages upgrade MySQL to version 5.0.77 to\nincorporate numerous upstream bug fixes. Details of these changes are\nfound in the following MySQL Release Notes:\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html\n\nAll MySQL users are advised to upgrade to these updated packages,\nwhich resolve these issues. After installing this update, the MySQL\nserver daemon (mysqld) will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016143.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2dff93f8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016144.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8cfac3b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(59, 79, 134, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql-5.0.77-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql-bench-5.0.77-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql-devel-5.0.77-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql-server-5.0.77-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mysql-test-5.0.77-3.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server / mysql-test\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:28", "description": "Updated mysql packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nMultiple flaws were discovered in the way MySQL handled symbolic links\nto tables created using the DATA DIRECTORY and INDEX DIRECTORY\ndirectives in CREATE TABLE statements. 
An attacker with CREATE and\nDROP table privileges and shell access to the database server could\nuse these flaws to escalate their database privileges, or gain access\nto tables created by other database users. (CVE-2008-4098,\nCVE-2009-4030)\n\nNote: Due to the security risks and previous security issues related\nto the use of the DATA DIRECTORY and INDEX DIRECTORY directives, users\nnot depending on this feature should consider disabling it by adding\n'symbolic-links=0' to the '[mysqld]' section of the 'my.cnf'\nconfiguration file. In this update, an example of such a configuration\nwas added to the default 'my.cnf' file.\n\nAn insufficient HTML entities quoting flaw was found in the mysql\ncommand line client's HTML output mode. If an attacker was able to\ninject arbitrary HTML tags into data stored in a MySQL database, which\nwas later retrieved using the mysql command line client and its HTML\noutput mode, they could perform a cross-site scripting (XSS) attack\nagainst victims viewing the HTML output in a web browser.\n(CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server\nlogged user commands when creating and deleting databases. A remote,\nauthenticated attacker with permissions to CREATE and DROP databases\ncould use these flaws to formulate a specially crafted SQL command\nthat would cause a temporary denial of service (open connections to\nmysqld are terminated). (CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the\nmysqld '--log' command line option or the 'log' option in 'my.cnf')\nmust be enabled. This logging is not enabled by default.\n\nAll MySQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. 
After\ninstalling this update, the MySQL server daemon (mysqld) will be\nrestarted automatically.", "edition": 27, "published": "2010-02-17T00:00:00", "title": "RHEL 4 : mysql (RHSA-2010:0110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2446", "CVE-2008-4456", "CVE-2009-4030", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], "modified": "2010-02-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:mysql-bench", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "REDHAT-RHSA-2010-0110.NASL", "href": "https://www.tenable.com/plugins/nessus/44635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0110. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44635);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-4097\", \"CVE-2008-4098\", \"CVE-2008-4456\", \"CVE-2009-2446\", \"CVE-2009-4030\");\n script_bugtraq_id(29106, 31486, 35609, 37075);\n script_xref(name:\"RHSA\", value:\"2010:0110\");\n\n script_name(english:\"RHEL 4 : mysql (RHSA-2010:0110)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat 
Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nMultiple flaws were discovered in the way MySQL handled symbolic links\nto tables created using the DATA DIRECTORY and INDEX DIRECTORY\ndirectives in CREATE TABLE statements. An attacker with CREATE and\nDROP table privileges and shell access to the database server could\nuse these flaws to escalate their database privileges, or gain access\nto tables created by other database users. (CVE-2008-4098,\nCVE-2009-4030)\n\nNote: Due to the security risks and previous security issues related\nto the use of the DATA DIRECTORY and INDEX DIRECTORY directives, users\nnot depending on this feature should consider disabling it by adding\n'symbolic-links=0' to the '[mysqld]' section of the 'my.cnf'\nconfiguration file. In this update, an example of such a configuration\nwas added to the default 'my.cnf' file.\n\nAn insufficient HTML entities quoting flaw was found in the mysql\ncommand line client's HTML output mode. If an attacker was able to\ninject arbitrary HTML tags into data stored in a MySQL database, which\nwas later retrieved using the mysql command line client and its HTML\noutput mode, they could perform a cross-site scripting (XSS) attack\nagainst victims viewing the HTML output in a web browser.\n(CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server\nlogged user commands when creating and deleting databases. A remote,\nauthenticated attacker with permissions to CREATE and DROP databases\ncould use these flaws to formulate a specially crafted SQL command\nthat would cause a temporary denial of service (open connections to\nmysqld are terminated). (CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the\nmysqld '--log' command line option or the 'log' option in 'my.cnf')\nmust be enabled. 
This logging is not enabled by default.\n\nAll MySQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling this update, the MySQL server daemon (mysqld) will be\nrestarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4030\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/symbolic-links-to-tables.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/symbolic-links-to-tables.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(59, 79, 134, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0110\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-4.1.22-2.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-bench-4.1.22-2.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-devel-4.1.22-2.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-server-4.1.22-2.el4_8.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server\");\n }\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:09", "description": "Updated mysql packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. 
It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nMultiple flaws were discovered in the way MySQL handled symbolic links\nto tables created using the DATA DIRECTORY and INDEX DIRECTORY\ndirectives in CREATE TABLE statements. An attacker with CREATE and\nDROP table privileges and shell access to the database server could\nuse these flaws to escalate their database privileges, or gain access\nto tables created by other database users. (CVE-2008-4098,\nCVE-2009-4030)\n\nNote: Due to the security risks and previous security issues related\nto the use of the DATA DIRECTORY and INDEX DIRECTORY directives, users\nnot depending on this feature should consider disabling it by adding\n'symbolic-links=0' to the '[mysqld]' section of the 'my.cnf'\nconfiguration file. In this update, an example of such a configuration\nwas added to the default 'my.cnf' file.\n\nAn insufficient HTML entities quoting flaw was found in the mysql\ncommand line client's HTML output mode. If an attacker was able to\ninject arbitrary HTML tags into data stored in a MySQL database, which\nwas later retrieved using the mysql command line client and its HTML\noutput mode, they could perform a cross-site scripting (XSS) attack\nagainst victims viewing the HTML output in a web browser.\n(CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server\nlogged user commands when creating and deleting databases. A remote,\nauthenticated attacker with permissions to CREATE and DROP databases\ncould use these flaws to formulate a specially crafted SQL command\nthat would cause a temporary denial of service (open connections to\nmysqld are terminated). (CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the\nmysqld '--log' command line option or the 'log' option in 'my.cnf')\nmust be enabled. 
This logging is not enabled by default.\n\nAll MySQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling this update, the MySQL server daemon (mysqld) will be\nrestarted automatically.", "edition": 27, "published": "2010-02-18T00:00:00", "title": "CentOS 4 : mysql (CESA-2010:0110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2446", "CVE-2008-4456", "CVE-2009-4030", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-2079"], "modified": "2010-02-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mysql-devel", "p-cpe:/a:centos:centos:mysql-server", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:mysql-bench", "p-cpe:/a:centos:centos:mysql"], "id": "CENTOS_RHSA-2010-0110.NASL", "href": "https://www.tenable.com/plugins/nessus/44647", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0110 and \n# CentOS Errata and Security Advisory 2010:0110 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44647);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2079\", \"CVE-2008-4097\", \"CVE-2008-4098\", \"CVE-2008-4456\", \"CVE-2009-2446\", \"CVE-2009-4030\");\n script_bugtraq_id(29106, 31486, 35609, 37075);\n script_xref(name:\"RHSA\", value:\"2010:0110\");\n\n script_name(english:\"CentOS 4 : mysql (CESA-2010:0110)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix several security issues are now\navailable for Red Hat 
Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nMultiple flaws were discovered in the way MySQL handled symbolic links\nto tables created using the DATA DIRECTORY and INDEX DIRECTORY\ndirectives in CREATE TABLE statements. An attacker with CREATE and\nDROP table privileges and shell access to the database server could\nuse these flaws to escalate their database privileges, or gain access\nto tables created by other database users. (CVE-2008-4098,\nCVE-2009-4030)\n\nNote: Due to the security risks and previous security issues related\nto the use of the DATA DIRECTORY and INDEX DIRECTORY directives, users\nnot depending on this feature should consider disabling it by adding\n'symbolic-links=0' to the '[mysqld]' section of the 'my.cnf'\nconfiguration file. In this update, an example of such a configuration\nwas added to the default 'my.cnf' file.\n\nAn insufficient HTML entities quoting flaw was found in the mysql\ncommand line client's HTML output mode. If an attacker was able to\ninject arbitrary HTML tags into data stored in a MySQL database, which\nwas later retrieved using the mysql command line client and its HTML\noutput mode, they could perform a cross-site scripting (XSS) attack\nagainst victims viewing the HTML output in a web browser.\n(CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server\nlogged user commands when creating and deleting databases. A remote,\nauthenticated attacker with permissions to CREATE and DROP databases\ncould use these flaws to formulate a specially crafted SQL command\nthat would cause a temporary denial of service (open connections to\nmysqld are terminated). 
(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the\nmysqld '--log' command line option or the 'log' option in 'my.cnf')\nmust be enabled. This logging is not enabled by default.\n\nAll MySQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling this update, the MySQL server daemon (mysqld) will be\nrestarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-February/016501.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?921fbb74\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-February/016502.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f392f38e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(59, 79, 134, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/18\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"mysql-4.1.22-2.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"mysql-4.1.22-2.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"mysql-bench-4.1.22-2.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"mysql-bench-4.1.22-2.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"mysql-devel-4.1.22-2.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", 
reference:\"mysql-devel-4.1.22-2.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"mysql-server-4.1.22-2.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"mysql-server-4.1.22-2.el4_8.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:29:53", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4097", "CVE-2008-4098"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1662-1 security@debian.org\nhttp://www.debian.org/security/ Devin Carraway\nNovember 06, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : mysql-dfsg-5.0\nVulnerability : authorization bypass\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2008-4098\nDebian Bug : 480292\n\nA symlink traversal vulnerability was discovered in MySQL, a\nrelational database server. The weakness could permit an attacker\nhaving both CREATE TABLE access to a database and the ability to\nexecute shell commands on the database server to bypass MySQL access\ncontrols, enabling them to write to tables in databases to which they\nwould not ordinarily have access.\n\nThe Common Vulnerabilities and Exposures project identifies this\nvulnerability as CVE-2008-4098. Note that a closely aligned issue,\nidentified as CVE-2008-4097, was prevented by the update announced in\nDSA-1608-1. 
This new update supersedes that fix and mitigates both\npotential attack vectors.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch8.\n\nWe recommend that you upgrade your mysql packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz\n Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch8.dsc\n Size/MD5 checksum: 1117 6456a5396b56431a31e2121805ef3208\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch8.diff.gz\n Size/MD5 checksum: 269277 bc749451446872ac8c8567ed60b0eea6\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch8_all.deb\n Size/MD5 checksum: 48142 761dce88bf46026622550e503800d4c3\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch8_all.deb\n Size/MD5 checksum: 54452 64140dddeb7bd50098ddc6222b4d2939\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch8_all.deb\n Size/MD5 checksum: 46068 0a67c6a61d08bf716c0af68da1585563\n\nalpha architecture (DEC Alpha)\n\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_alpha.deb\n Size/MD5 checksum: 8405572 ceda4648a1bbc48f087f8763350c04e7\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_alpha.deb\n Size/MD5 checksum: 27385278 b5435c8d77f64e1855300e1988570333\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_alpha.deb\n Size/MD5 checksum: 8909972 e76dc32887c4baf25721eff971aa9d60\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_alpha.deb\n Size/MD5 checksum: 48170 c6eb1472bb6cf4fad708c23dd9a78cf8\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_alpha.deb\n Size/MD5 checksum: 1947544 73d751f95dc5604d159df910a3157f45\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_amd64.deb\n Size/MD5 checksum: 1831314 6ed359b8f2fb92c5c9846a3743e4b0f8\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_amd64.deb\n Size/MD5 checksum: 7549266 ca948f5c66f2172927acd9e5cbf7c9ae\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_amd64.deb\n Size/MD5 checksum: 7371842 7ff54b963be65b5e7d18425cd313bbcb\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_amd64.deb\n Size/MD5 checksum: 48178 127af2553cc1fd9e89f1f69a2eb44709\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_amd64.deb\n Size/MD5 checksum: 25813464 06dc8568f055c04dc4ddfd19de79a704\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_arm.deb\n Size/MD5 checksum: 48230 2a5b1b7b2ed8c94301fc60bd49be7991\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_arm.deb\n Size/MD5 checksum: 7208004 9e268d05c77d521dbe0366961534cdf2\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_arm.deb\n Size/MD5 checksum: 25347882 b89ba96f815a27ebe70014d8c16e6bc0\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_arm.deb\n Size/MD5 checksum: 6930850 21ec3a8f5a6634454db8dec30fea9e65\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_arm.deb\n Size/MD5 checksum: 1748390 1877d302ebc91e8ccf104ba2d75479a6\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_hppa.deb\n Size/MD5 checksum: 27178846 d5b6eb3072bb2e8f2d114b182701a736\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_hppa.deb\n Size/MD5 checksum: 8060958 f4d89fec611eb37939d98f3e52391b21\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_hppa.deb\n Size/MD5 checksum: 48174 be34e4d2b05e4b294f5a3396611d4126\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_hppa.deb\n Size/MD5 checksum: 1920860 8ef8d38dc53e5f81eebcad330103062a\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_hppa.deb\n Size/MD5 checksum: 8003664 50496388e230ba0e337fadb5611c1bec\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_i386.deb\n Size/MD5 checksum: 1792994 2ee1e253198f7f67be79b40fbcee703a\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_i386.deb\n Size/MD5 checksum: 6961428 8be34f2ed518aa47148502b93e468ac0\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_i386.deb\n Size/MD5 checksum: 25233474 cf39de0d83a65da443fb77e37976d19b\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_i386.deb\n Size/MD5 checksum: 7199354 d144813e5cd27c684cb8ff45a987159e\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_i386.deb\n Size/MD5 checksum: 48166 2f4ab0db379d477d4ea15191a1ff4a7c\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_ia64.deb\n Size/MD5 checksum: 2115810 09e39bed782c6c2e7d689aa999adbfb1\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_ia64.deb\n Size/MD5 checksum: 10342902 c091c2d6b6f02d120b513f07ecada159\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_ia64.deb\n Size/MD5 checksum: 9739330 f158dd90752b99efe92bca049b991696\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_ia64.deb\n Size/MD5 checksum: 30403740 c3daa72e6e34c54f8053887a52395e36\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_ia64.deb\n Size/MD5 checksum: 48170 b9f94375cccf2cb2a3aff60b232b400b\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_mips.deb\n Size/MD5 checksum: 7674430 311032237de0d11e91d591b006ab6e60\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_mips.deb\n Size/MD5 checksum: 48214 0751225fd59fce147105362c6cc30b16\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_mips.deb\n Size/MD5 checksum: 7759738 74a1bd32b13f0c57f67100b6c0422d6e\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_mips.deb\n Size/MD5 checksum: 1835426 f425af4483842630558bdcaaba7ac1ee\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_mips.deb\n Size/MD5 checksum: 26472386 ed2e2a0eb36de7424d5bd03ab8f3b8f7\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_mipsel.deb\n Size/MD5 checksum: 25846914 766bcfbde62e9f75fc09f8892b1f6095\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_mipsel.deb\n Size/MD5 checksum: 7563074 fb084ab6a02dcf12fde22c740d6d63ac\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_mipsel.deb\n Size/MD5 checksum: 7642196 c58f251badf84dd7527f6bcf74bc1846\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_mipsel.deb\n Size/MD5 checksum: 48174 92fe38d06aac7ca0a1ff1a26f5858704\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_mipsel.deb\n Size/MD5 checksum: 1789960 0864b73e16d14ed1776879d3ef2ab5c1\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_powerpc.deb\n Size/MD5 checksum: 7575148 351f97505dde5ce74808b38008a04d1f\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_powerpc.deb\n Size/MD5 checksum: 7513654 5d9f12246f363b4eaab281e6c37ccf48\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_powerpc.deb\n Size/MD5 checksum: 26169508 81c25c622b35bec7d709f8fef4b3ba03\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_powerpc.deb\n Size/MD5 checksum: 48174 43cdd4b621fa97e345162fb5a11c3321\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_powerpc.deb\n Size/MD5 checksum: 1833008 a031cdc91532615006e3433ea1a2b9cc\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_s390.deb\n Size/MD5 checksum: 48172 b15d4493389f2d371d933b3cfec9dbfa\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_s390.deb\n Size/MD5 checksum: 7508416 7950a277db319634c2a61162c531d9f8\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_s390.deb\n Size/MD5 checksum: 1952408 4035d4b30041b76cdad65f5093d0191e\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_s390.deb\n Size/MD5 checksum: 26765686 38ad49284aa88c6157c496f5583e81b4\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_s390.deb\n Size/MD5 checksum: 7414890 b61ee866d423474e4e76e68527d09b31\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_sparc.deb\n Size/MD5 checksum: 7159698 8ec6e96934ed76dbae21d28ebb701f02\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_sparc.deb\n Size/MD5 checksum: 25578698 e0cd9496cac89eb22ba854b3e10ca96b\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_sparc.deb\n Size/MD5 checksum: 7028544 fa58c135613be17bd723fea6c4f4de0d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_sparc.deb\n Size/MD5 checksum: 1798226 b1a13379770a9b860a6328176c93eecd\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_sparc.deb\n Size/MD5 checksum: 48218 9e6c78e0ae63d91c3361ff106ca0d4a7\n\n\n These files will probably be moved into the stable distribution 
on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-11-06T04:20:08", "published": "2008-11-06T04:20:08", "id": "DEBIAN:DSA-1662-1:D64CF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00254.html", "title": "[SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:29:44", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2079"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1608-1 security@debian.org\nhttp://www.debian.org/security/ Devin Carraway\nJuly 13, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : mysql-dfsg-5.0\nVulnerability : authorization bypass\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-2079\nDebian Bug : 480292\n\nSergei Golubchik discovered that MySQL, a widely-deployed database\nserver, did not properly validate optional data or index directory\npaths given in a CREATE TABLE statement, nor would it (under proper\nconditions) prevent two databases from using the same paths for data\nor index files. This permits an authenticated user with authorization\nto create tables in one database to read, write or delete data from\ntables subsequently created in other databases, regardless of other\nGRANT authorizations. 
The Common Vulnerabilities and Exposures\nproject identifies this weakness as CVE-2008-2079.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch6. Note that the fix applied will have the\nconsequence of disallowing the selection of data or index paths\nunder the database root, which on a Debian system is /var/lib/mysql;\ndatabase administrators needing to control the placement of these\nfiles under that location must do so through other means.\n\nWe recommend that you upgrade your mysql-dfsg-5.0 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch6.diff.gz\n Size/MD5 checksum: 266482 42faf9d31d5bf1674d5b241ff49341cf\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz\n Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch6.dsc\n Size/MD5 checksum: 1117 367176f5e877cf3c46c662b87275f901\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch6_all.deb\n Size/MD5 checksum: 45888 48a61918f72d865970ef48bc4eeb3466\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch6_all.deb\n Size/MD5 checksum: 54220 72f5ee84fa60b0871600fbe5fd4f5a74\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch6_all.deb\n Size/MD5 checksum: 47968 e8a2d9a5f13043c67a3d9ba4caa57a3c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 1947356 1cd753a88978d41452bffc772323eb83\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 8909108 61b392dc0be2b82c3e6a5657ad06fca8\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 27381852 9e9fc87afceae3cb7c157369843a30ad\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 47992 8798c205394f39c843df143db2ba37af\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_alpha.deb\n Size/MD5 checksum: 8405314 f52f8049cb3080bca02eeba5c2e14a1d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 47990 3662d9f51257c5fc57e7a20b90a6f33d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 7371044 0fd9eb3504a9958b1f709a48649b41c0\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 25815708 3fd278cba985110a578fc8d5bc76f8e9\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 1830958 6cc454236571032d4c723a4084cae535\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_amd64.deb\n Size/MD5 checksum: 7548576 ce08e3855077d14ddf73d70362faaaf1\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 1748158 271c0b333e4404ac1a3230e13e182c70\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 6930330 70477965987251fa25ace71df5c200f7\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 25345976 f7908a64856451893285ebaebb4f6125\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 48034 90284b682bc77e4401c216f3f49d8995\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_arm.deb\n Size/MD5 checksum: 7205572 7ebe1cb99dbb00a4db7ee387c2533a44\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 8054566 6ed6093c2dae6999126eacf5309e4474\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 47990 688427cc2115f9260546013364aca60b\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 1922788 5645332118ae75b274e760c448150f1b\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 27172760 bc2bfe60a4ff106fade4da459e07a5eb\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_hppa.deb\n Size/MD5 checksum: 8004968 53ba9f2f9c169765ad97900efb5f9c1a\n\ni386 architecture (Intel ia32)\n\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 1792338 2bfed729400306f35a68d210af5a6666\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 7198430 0c542cde542474c58468b52f97890ec2\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 6959158 2c879cabd32fec019ebbf110b43c9e62\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 47990 ba04b03ff5cfb960c9a7b461fe879928\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_i386.deb\n Size/MD5 checksum: 25225784 2382d6a8f5e57dc84060b51116b03833\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 2115542 0bb8b1f251231f14bfa27f0138f01a5d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 9737938 41806cfb4504905e6be20f3047aefdf0\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 30409676 b6f620c479e5d2a1aa9f9e20e5382849\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 47992 a6d309557d081dc76b60c359977cf805\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_ia64.deb\n Size/MD5 checksum: 10342514 25e2a3dbf910557ed1899ef1dce83cd8\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 48020 7192dc50d43ca3d5710bfe2501fd0ee1\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 26471616 c8f937742bb947ed1994ee4bfb59f4ea\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 1835022 b6d0c5c0eb384329ec2678b43380d8fb\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 7759368 7121a9cfcdbf26a89fc95e00113a20fb\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_mips.deb\n Size/MD5 checksum: 7672846 5fbe3662bc253bda3ccf62c8c78d7cf4\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 7641076 937625ccc622b46c4c6a5cffeda033ec\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 1789730 90d351c1551367cc5e77d008236402cd\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 25845336 ed42a4ccbb7057dc660197fee3566682\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 47992 1c0eb8257b01d13b4bf0f70d97612e67\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_mipsel.deb\n Size/MD5 checksum: 7561054 d5fbe5e214b39736f6eb13c2633fd102\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 7573142 49364df9e5cd4842fd9f72a40589d18c\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 47990 1eceb3165524be6ce46a6a1cab526a24\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 7512578 e78ebeed9529c4bddd4976a1181d86e6\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 26165058 0c20e4fb11a5b89b572d177b86cde355\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_powerpc.deb\n Size/MD5 checksum: 1832632 7e633b4febc3d0bfcb6c993cf85574c0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 7414202 4ff1d98b4b41543fdb24fc3be75b2835\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 47988 8734d7200d69ed73cda3c80ec9115247\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 7507338 921ca2feff00e5d2c0a36e34403538f0\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 1952002 ca93cf34f53f7d2c3094157142df632f\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_s390.deb\n Size/MD5 checksum: 26764624 d785bab765139dcb98872a2b96b85909\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 1797778 6df91c9bce65192cdb3063c3111e941d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 47992 b7d1d6f2ff76ef9bcf126d2dd773bb72\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 7014210 f23cf47cc8b16e28f22c1a13b4a6936c\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 25426696 16bfb42f9a4dab6146df47568da158df\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_sparc.deb\n Size/MD5 checksum: 7153268 811916b6dec1eeae2ddb9822dacea994\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2008-07-13T04:55:27", "published": "2008-07-13T04:55:27", "id": "DEBIAN:DSA-1608-1:D1E27", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00189.html", "title": "[SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2079"], "description": "The Red Hat Application Stack is an integrated open source application\nstack, and includes JBoss Enterprise Application Platform (EAP).\n\nStarting with this update, JBoss EAP is no longer provided via the\nApplication Stack channels. Instead, all Application Stack customers are\nautomatically entitled to the JBoss EAP channels. 
This ensures all users\nhave immediate access to JBoss EAP packages when they are released,\nreducing the wait for security and critical patches.\n\nAs a result, you must MANUALLY subscribe to the appropriate JBoss EAP\nchannel, as all further JBoss EAP updates will only go to that channel.\n\nThis update also entitles all customers to the JBoss EAP 4.3.0 channels.\nUsers receive support for JBoss EAP 4.3.0 if they choose to install it.\nImportant: downgrading from JBoss EAP 4.3.0 to 4.2.0 is unsupported.\n\nMySQL was updated to version 5.0.50sp1a, fixing the following security\nissue:\n\nMySQL did not correctly check directories used as arguments for the DATA\nDIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\nattacker could elevate their access privileges to tables created by other\ndatabase users. Note: this attack does not work on existing tables. An\nattacker can only elevate their access to another user's tables as the\ntables are created. As well, the names of these created tables need to be\npredicted correctly for this attack to succeed. (CVE-2008-2079)\n\nThe following packages are updated:\n\n* httpd to 2.0.63\n* mod_jk to 1.2.26\n* the MySQL Connector/ODBC to 3.51.24r1071\n* perl-DBD-MySQL to 4.006\n* perl-DBI to 1.604\n* postgresqlclient7 to 7.4.19\n* postgresql-jdbc to 8.1.412\n* unixODBC to 2.2.12", "modified": "2019-03-22T23:44:39", "published": "2008-07-02T04:00:00", "id": "RHSA-2008:0510", "href": "https://access.redhat.com/errata/RHSA-2008:0510", "type": "redhat", "title": "(RHSA-2008:0510) Moderate: Red Hat Application Stack v1.3 security and enhancement update", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:34", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4098", "CVE-2008-4456", "CVE-2009-2446", "CVE-2009-4030"], "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nMultiple flaws were discovered in the way MySQL handled symbolic links to\ntables created using the DATA DIRECTORY and INDEX DIRECTORY directives in\nCREATE TABLE statements. An attacker with CREATE and DROP table privileges\nand shell access to the database server could use these flaws to escalate\ntheir database privileges, or gain access to tables created by other\ndatabase users. (CVE-2008-4098, CVE-2009-4030)\n\nNote: Due to the security risks and previous security issues related to the\nuse of the DATA DIRECTORY and INDEX DIRECTORY directives, users not\ndepending on this feature should consider disabling it by adding\n\"symbolic-links=0\" to the \"[mysqld]\" section of the \"my.cnf\" configuration\nfile. In this update, an example of such a configuration was added to the\ndefault \"my.cnf\" file.\n\nAn insufficient HTML entities quoting flaw was found in the mysql command\nline client's HTML output mode. If an attacker was able to inject arbitrary\nHTML tags into data stored in a MySQL database, which was later retrieved\nusing the mysql command line client and its HTML output mode, they could\nperform a cross-site scripting (XSS) attack against victims viewing the\nHTML output in a web browser. (CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server logged\nuser commands when creating and deleting databases. A remote, authenticated\nattacker with permissions to CREATE and DROP databases could use these\nflaws to formulate a specially-crafted SQL command that would cause a\ntemporary denial of service (open connections to mysqld are terminated).\n(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld\n\"--log\" command line option or the \"log\" option in \"my.cnf\") must be\nenabled. 
This logging is not enabled by default.\n\nAll MySQL users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing this\nupdate, the MySQL server daemon (mysqld) will be restarted automatically.", "modified": "2017-09-08T12:14:25", "published": "2010-02-16T05:00:00", "id": "RHSA-2010:0110", "href": "https://access.redhat.com/errata/RHSA-2010:0110", "type": "redhat", "title": "(RHSA-2010:0110) Moderate: mysql security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:42:20", "description": "BUGTRAQ ID: 29106<br />\r\nCVE(CAN) ID: CVE-2008-2079<br />\r\n<br />\r\nMySQL\u662f\u4e00\u6b3e\u4f7f\u7528\u975e\u5e38\u5e7f\u6cdb\u7684\u5f00\u653e\u6e90\u4ee3\u7801\u5173\u7cfb\u6570\u636e\u5e93\u7cfb\u7edf\uff0c\u62e5\u6709\u5404\u79cd\u5e73\u53f0\u7684\u8fd0\u884c\u7248\u672c\u3002<br />\r\n<br />\r\n\u5f53\u7528\u6237\u5728MySQL\u6570\u636e\u5e93\u4e2d\u4ee5\u4ee5\u4e0b\u9009\u9879\u521b\u5efaMyISAM\u8868\u65f6\uff1a<br />\r\n<br />\r\n CREATE TABLE ( ) DATA DIRECTORY ... 
INDEX DIRECTORY ...<br />\r\n<br />\r\n\u5c31\u53ef\u80fd\u8986\u76d6MySQL\u6570\u636e\u76ee\u5f55\u4e2d\u7684\u5df2\u6709\u8868\u683c\u6587\u4ef6\uff0c\u7ed5\u8fc7\u6743\u9650\u68c0\u67e5\u5728\u5176\u4ed6\u6570\u636e\u5e93\u4e2d\u521b\u5efa\u8868\u683c\u3002<br />\r\n<br />\r\n\n\nMySQL AB MySQL 5.0\r\nMySQL AB MySQL 4.x\n MySQL AB\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.mysql.com/ target=_blank>http://www.mysql.com/</a>", "published": "2008-05-12T00:00:00", "type": "seebug", "title": "MySQL MyISAM\u8868\u7ed5\u8fc7\u6743\u9650\u68c0\u67e5\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2079"], "modified": "2008-05-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3280", "id": "SSV:3280", "sourceData": "\n root>\u00a0grant\u00a0all\u00a0privileges\u00a0on\u00a0test.*\u00a0to\u00a0test@localhost;<br />\r\n<br />\r\ntest>\u00a0create\u00a0table\u00a0t1\u00a0(a\u00a0int)\u00a0data\u00a0directory\u00a0'/MySQL/var/mysql',\u00a0index\u00a0directory<br />\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-3280", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2079"], "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server. \n\n### Description\n\nSergei Golubchik reported that MySQL imposes no restrictions on the specification of \"DATA DIRECTORY\" or \"INDEX DIRECTORY\" in SQL \"CREATE TABLE\" statements. 
\n\n### Impact\n\nAn authenticated remote attacker could create MyISAM tables, specifying DATA or INDEX directories that contain future table files by other database users, or existing table files in the MySQL data directory, gaining access to those tables. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll MySQL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.0.60-r1\"", "edition": 1, "modified": "2008-09-04T00:00:00", "published": "2008-09-04T00:00:00", "id": "GLSA-200809-04", "href": "https://security.gentoo.org/glsa/200809-04", "type": "gentoo", "title": "MySQL: Privilege bypass", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2446", "CVE-2008-4456", "CVE-2009-4030", "CVE-2008-4098"], "description": "[4.1.22-2.el4.3]\n- Add comment suggesting disabling symbolic links in /etc/my.cnf\n[4.1.22-2.el4.2]\n- Add fixes for CVE-2008-4098, CVE-2009-4030 (two successive attempts to fix\n DATA/INDEX DIRECTORY vulnerabilities) and CVE-2008-4456 (mysql command line\n client XSS flaw)\nResolves: #512255\n[4.1.22-2.el4.1]\n- Add fix for CVE-2009-2446 (format string vulnerability in COM_CREATE_DB and\n COM_DROP_DB processing)\nResolves: #512255 ", "edition": 4, "modified": "2010-02-16T00:00:00", "published": "2010-02-16T00:00:00", "id": "ELSA-2010-0110", "href": "http://linux.oracle.com/errata/ELSA-2010-0110.html", "title": "mysql security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:31:14", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2446", "CVE-2008-4456", "CVE-2009-4030", "CVE-2008-4098"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0110\n\n\nMySQL is a multi-user, multi-threaded SQL 
database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nMultiple flaws were discovered in the way MySQL handled symbolic links to\ntables created using the DATA DIRECTORY and INDEX DIRECTORY directives in\nCREATE TABLE statements. An attacker with CREATE and DROP table privileges\nand shell access to the database server could use these flaws to escalate\ntheir database privileges, or gain access to tables created by other\ndatabase users. (CVE-2008-4098, CVE-2009-4030)\n\nNote: Due to the security risks and previous security issues related to the\nuse of the DATA DIRECTORY and INDEX DIRECTORY directives, users not\ndepending on this feature should consider disabling it by adding\n\"symbolic-links=0\" to the \"[mysqld]\" section of the \"my.cnf\" configuration\nfile. In this update, an example of such a configuration was added to the\ndefault \"my.cnf\" file.\n\nAn insufficient HTML entities quoting flaw was found in the mysql command\nline client's HTML output mode. If an attacker was able to inject arbitrary\nHTML tags into data stored in a MySQL database, which was later retrieved\nusing the mysql command line client and its HTML output mode, they could\nperform a cross-site scripting (XSS) attack against victims viewing the\nHTML output in a web browser. (CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server logged\nuser commands when creating and deleting databases. A remote, authenticated\nattacker with permissions to CREATE and DROP databases could use these\nflaws to formulate a specially-crafted SQL command that would cause a\ntemporary denial of service (open connections to mysqld are terminated).\n(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld\n\"--log\" command line option or the \"log\" option in \"my.cnf\") must be\nenabled. 
This logging is not enabled by default.\n\nAll MySQL users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing this\nupdate, the MySQL server daemon (mysqld) will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/028539.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/028540.html\n\n**Affected packages:**\nmysql\nmysql-bench\nmysql-devel\nmysql-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0110.html", "edition": 5, "modified": "2010-02-17T16:42:49", "published": "2010-02-17T16:42:25", "href": "http://lists.centos.org/pipermail/centos-announce/2010-February/028539.html", "id": "CESA-2010:0110", "title": "mysql security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}]}