Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2003-094.NASL
HistoryJul 31, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : MySQL (MDKSA-2003:094)

2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
15

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.914 High

EPSS

Percentile

98.9%

JSON

A buffer overflow was discovered in MySQL that could be executed by any user with ‘ALTER TABLE’ privileges on the ‘mysql’ database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The ‘mysql’ database is used by MySQL for internal record keeping and by default only the ‘root’ user, or MySQL administrative account, has permission to alter its tables.

This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:094. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14076);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2003-0780");
  script_xref(name:"MDKSA", value:"2003:094");

  script_name(english:"Mandrake Linux Security Advisory : MySQL (MDKSA-2003:094)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A buffer overflow was discovered in MySQL that could be executed by
any user with 'ALTER TABLE' privileges on the 'mysql' database. If
successfully exploited, the attacker could execute arbitrary code with
the privileges of the user running the mysqld process (mysqld). The
'mysql' database is used by MySQL for internal record keeping and by
default only the 'root' user, or MySQL administrative account, has
permission to alter its tables.

This vulnerability was corrected in MySQL 4.0.15 and all previous
versions are vulnerable. These packages have been patched to correct
the problem."
  );
  # http://web.archive.org/web/20050308183850/http://lists.netsys.com:80/pipermail/full-disclosure/2003-September/009819.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6e5ad47e"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-Max");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql10-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql12");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql12-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"MySQL-3.23.47-5.5mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"MySQL-bench-3.23.47-5.5mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"MySQL-client-3.23.47-5.5mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libmysql10-3.23.47-5.5mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libmysql10-devel-3.23.47-5.5mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-3.23.56-1.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-Max-3.23.56-1.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-bench-3.23.56-1.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-client-3.23.56-1.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libmysql10-3.23.56-1.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libmysql10-devel-3.23.56-1.4mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-4.0.11a-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-Max-4.0.11a-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-bench-4.0.11a-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-client-4.0.11a-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-common-4.0.11a-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libmysql12-4.0.11a-5.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libmysql12-devel-4.0.11a-5.1mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxmysqlp-cpe:/a:mandriva:linux:mysql
mandrivalinuxmysql-maxp-cpe:/a:mandriva:linux:mysql-max
mandrivalinuxmysql-benchp-cpe:/a:mandriva:linux:mysql-bench
mandrivalinuxmysql-clientp-cpe:/a:mandriva:linux:mysql-client
mandrivalinuxmysql-commonp-cpe:/a:mandriva:linux:mysql-common
mandrivalinuxlibmysql10p-cpe:/a:mandriva:linux:libmysql10
mandrivalinuxlibmysql10-develp-cpe:/a:mandriva:linux:libmysql10-devel
mandrivalinuxlibmysql12p-cpe:/a:mandriva:linux:libmysql12
mandrivalinuxlibmysql12-develp-cpe:/a:mandriva:linux:libmysql12-devel
mandrakesoftmandrake_linux8.2cpe:/o:mandrakesoft:mandrake_linux:8.2
Rows per page:
1-10 of 121

Related

nessus 3
debian 1
cve 1
cert 1
openvas 2
redhat 1
osv 1
nvd 1
cvelist 1
nessus
nessus
RHEL 2.1 : mysql (RHSA-2003:282)
2004-11-10 00:00:00
Debian DSA-381-1 : mysql - buffer overflow
2004-09-29 00:00:00
MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
2003-09-19 00:00:00
debian
debian
[SECURITY] [DSA-381-1] New mysql packages fix buffer overflow
2003-09-14 02:20:44
cve
cve
CVE-2003-0780
2003-09-22 04:00:00
cert
cert
MySQL fails to validate length of password field
2003-09-15 00:00:00
openvas
openvas
Debian Security Advisory DSA 381-1 (mysql)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-381)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2003:282) mysql security update
2003-10-09 00:00:00
osv
osv
mysql - buffer overflow
2003-09-13 00:00:00
nvd
nvd
CVE-2003-0780
2003-09-22 04:00:00
cvelist
cvelist
CVE-2003-0780
2003-09-12 04:00:00

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.914 High

EPSS

Percentile

98.9%

JSON
Related for MANDRAKE_MDKSA-2003-094.NASL
nessus3debian1cve1cert1openvas2redhat1osv1nvd1cvelist1