Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2003-057.NASL
HistoryJul 31, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : MySQL (MDKSA-2003:057)

2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
13
JSON

In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the ‘SELECT * INTO OUTFILE’ operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon.

This has been fixed upstream in version 3.23.56, which is provided for Mandrake Linux 9.0 and Corporate Server 2.1 users. The other updated packages have been patched to correct this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:057. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14041);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2003-0150");
  script_xref(name:"MDKSA", value:"2003:057");

  script_name(english:"Mandrake Linux Security Advisory : MySQL (MDKSA-2003:057)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"In MySQL 3.23.55 and earlier, MySQL would create world-writeable files
and allow mysql users to gain root privileges by using the 'SELECT *
INTO OUTFILE' operator to overwrite a configuration file, which could
cause mysql to run as root upon restarting the daemon.

This has been fixed upstream in version 3.23.56, which is provided for
Mandrake Linux 9.0 and Corporate Server 2.1 users. The other updated
packages have been patched to correct this issue."
  );
  # http://www.mysql.com/doc/en/News-3.23.56.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://dev.mysql.com/doc/refman/4.1/en/news-3-23-56.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-Max");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql10-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"MySQL-3.23.47-5.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"MySQL-bench-3.23.47-5.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"MySQL-client-3.23.47-5.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libmysql10-3.23.47-5.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libmysql10-devel-3.23.47-5.4mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-3.23.56-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-Max-3.23.56-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-bench-3.23.56-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-client-3.23.56-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libmysql10-3.23.56-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libmysql10-devel-3.23.56-1.3mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxmysqlp-cpe:/a:mandriva:linux:mysql
mandrivalinuxmysql-maxp-cpe:/a:mandriva:linux:mysql-max
mandrivalinuxmysql-benchp-cpe:/a:mandriva:linux:mysql-bench
mandrivalinuxmysql-clientp-cpe:/a:mandriva:linux:mysql-client
mandrivalinuxlibmysql10p-cpe:/a:mandriva:linux:libmysql10
mandrivalinuxlibmysql10-develp-cpe:/a:mandriva:linux:libmysql10-devel
mandrakesoftmandrake_linux8.2cpe:/o:mandrakesoft:mandrake_linux:8.2
mandrakesoftmandrake_linux9.0cpe:/o:mandrakesoft:mandrake_linux:9.0

Related

openvas 3
nessus 4
cert 1
cve 1
debian 1
redhat 1
osv 1
packetstorm 1
seebug 1
openvas
openvas
MySQL < 3.23.56 'mysqld' Privilege Escalation Vulnerability
2005-11-03 00:00:00
Debian Security Advisory DSA 303-1 (mysql)
2008-01-17 00:00:00
Debian Security Advisory DSA 303-1 (mysql)
2008-01-17 00:00:00
nessus
nessus
MySQL datadir/my.cnf Modification Privilege Escalation
2003-03-14 00:00:00
MySQL < 3.23.56 Writable Configuration Files
2012-01-18 00:00:00
RHEL 2.1 : mysql (RHSA-2003:094)
2004-07-06 00:00:00
cert
cert
MySQL allows default user to be changed to root via custom "my.cnf" file
2003-03-18 00:00:00
cve
cve
CVE-2003-0150
2003-03-24 05:00:00
debian
debian
[SECURITY] [DSA-303-1] New mysql packages fix multiple vulnerabilities
2003-05-16 00:13:30
redhat
redhat
(RHSA-2003:094) mysql security update
2003-04-28 00:00:00
osv
osv
mysql - privilege escalation
2003-05-15 00:00:00
packetstorm
packetstorm
MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution
2016-09-12 00:00:00
seebug
seebug
MySQL <= 5.7.15 remote Root code execution vulnerability
2016-09-13 00:00:00
JSON
Related for MANDRAKE_MDKSA-2003-057.NASL
openvas3nessus4cert1cve1debian1redhat1osv1packetstorm1seebug1