Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_1_23.NASL
HistoryDec 13, 2007 - 12:00 a.m.

MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities

2007-12-1300:00:00
This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

EPSS

0.031

Percentile

91.2%

JSON

The version of MySQL Server installed on the remote host reportedly is affected by the following issues :

  • It is possible, by creating a partitioned table using the DATA DIRECTORY and INDEX DIRECTORY options, to gain privileges on other tables having the same name as the partitioned table. (Bug #32091)

  • Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information. (Bug #32111).

  • ALTER VIEW retains the original DEFINER value, even when altered by another user, which can allow that user to gain the access rights of the view. (Bug #29908)

  • When using a FEDERATED table, the local server can be forced to crash if the remote server returns a result with fewer columns than expected. (Bug #29801)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(29345);
  script_version("1.18");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2007-5969", "CVE-2007-5970", "CVE-2007-6303", "CVE-2007-6304", "CVE-2007-5925");
  script_bugtraq_id(26765, 26832);

  script_name(english:"MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities");
  script_summary(english:"Checks version of MySQL Server");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by several issues.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL Server installed on the remote host reportedly is
affected by the following issues :

  - It is possible, by creating a partitioned table using 
    the DATA DIRECTORY and INDEX DIRECTORY options, to gain 
    privileges on other tables having the same name as the 
    partitioned table. (Bug #32091)

  - Using RENAME TABLE against a table with explicit DATA
    DIRECTORY and INDEX DIRECTORY options can be used to
    overwrite system table information. (Bug #32111).

  - ALTER VIEW retains the original DEFINER value, even 
    when altered by another user, which can allow that 
    user to gain the access rights of the view. (Bug
    #29908)

  - When using a FEDERATED table, the local server can be 
    forced to crash if the remote server returns a result 
    with fewer columns than expected. (Bug #29801)");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=32091");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=32111");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=29908");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=29801");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html");
  # http://web.archive.org/web/20090621041615/http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e513c99");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL Community Server version 5.1.23 / 6.0.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 264);

  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_ports("Services/mysql", 3306);
  script_require_keys("Settings/ParanoidReport");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("mysql_func.inc");


# nb: banner checks of open source software are prone to false-
#     positives so only run the check if reporting is paranoid.
if (report_paranoia < 2)
  exit(1, "This plugin only runs if 'Report paranoia' is set to 'Paranoid'.");

port = get_service(svc:"mysql", default:3306, exit_on_fail:TRUE);

if (mysql_init(port:port, exit_on_fail:TRUE) == 1)
{
  variant = mysql_get_variant();
  ver = mysql_get_version();

  if (
    "Community" >< variant && 
    ver =~ "^(5\.1\.([0-9]|1[0-9]|2[0-2])|6\.0\.[0-3])($|[^0-9])"
  )
  {
    report =
      '\nThe remote MySQL '+variant+'\'s version is :\n'+
      '\n  '+ver+'\n';
    datadir = get_kb_item('mysql/' + port + '/datadir');
    if (!empty_or_null(datadir))
    {
      report += '  Data Dir          : ' + datadir + '\n';
    }
    databases = get_kb_item('mysql/' + port + '/databases');
    if (!empty_or_null(databases))
    { 
      report += '  Databases         :\n' + databases;
    }
    security_warning(port:port, extra:report);
  }
}
mysql_close();
VendorProductVersionCPE
mysqlmysqlcpe:/a:mysql:mysql

Related

openvas 42
nessus 30
fedora 2
centos 2
f5 2
redhat 2
gentoo 2
altlinux 1
ubuntu 4
oraclelinux 3
seebug 2
slackware 1
debian 3
osv 2
veracode 3
ubuntucve 5
cvelist 5
nvd 7
prion 7
securityvulns 3
cve 7
freebsd 1
photon 1
openvas
openvas
Fedora Update for mysql FEDORA-2007-4465
2009-02-27 00:00:00
Fedora Update for mysql FEDORA-2007-4471
2009-02-27 00:00:00
Fedora Update for mysql FEDORA-2007-4465
2009-02-27 00:00:00
nessus
nessus
CentOS 4 : mysql (CESA-2007:1222-001)
2007-12-24 00:00:00
GLSA-200804-04 : MySQL: Multiple vulnerabilities
2008-04-11 00:00:00
F5 Networks BIG-IP : MySQL vulnerabilities (SOL8178)
2014-10-10 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: mysql-5.0.45-6.fc8
2007-12-15 19:25:11
[SECURITY] Fedora 7 Update: mysql-5.0.45-6.fc7
2007-12-15 19:25:51
centos
centos
mysql security update
2007-12-22 14:26:47
mysql security update
2007-12-18 20:47:57
f5
f5
K8178 : MySQL vulnerabilities CVE-2007-5925, CVE-2007-5969, and CVE-2007-6303
2013-03-18 00:00:00
SOL8178 - MySQL vulnerabilities CVE-2007-5925, CVE-2007-5969, and CVE-2007-6303
2008-01-13 00:00:00
redhat
redhat
(RHSA-2007:1157) Important: mysql security update
2007-12-19 00:00:00
(RHSA-2007:1155) Important: mysql security update
2007-12-18 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2008-04-06 00:00:00
MySQL: Denial of service
2007-11-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package MySQL version 5.0.51-alt1
2008-01-01 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2007-12-21 00:00:00
MySQL vulnerabilities
2008-03-19 00:00:00
MySQL regression
2008-04-02 00:00:00
oraclelinux
oraclelinux
Important: mysql security update
2007-12-18 00:00:00
mysql security, bug fix, and enhancement update
2008-08-01 00:00:00
mysql security and bug fix update
2008-05-30 00:00:00
seebug
seebug
MySQL Serverζƒι™ζε‡εŠζ‹’η»ζœεŠ‘ζΌζ΄ž
2007-12-14 00:00:00
MySQLζœεŠ‘ε™¨RENAME TABLEη³»η»Ÿθ‘¨ζ Όθ¦†η›–ζΌζ΄ž
2007-12-13 00:00:00
slackware
slackware
[slackware-security] mysql
2007-12-15 02:03:51
debian
debian
[SECURITY] [DSA 1451-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
2008-01-06 18:04:18
[SECURITY] [DSA 1413-1] New mysql packages fix multiple vulnerabilities
2007-11-26 17:20:12
[SECURITY] [DSA 1413-1] New mysql packages fix multiple vulnerabilities
2007-11-26 17:20:12
osv
osv
mysql-dfsg-5.0 several vulnerabilities
2008-01-06 00:00:00
mysql - multiple
2007-11-26 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:22:25
Denial Of Service (DoS)
2020-04-10 00:22:25
Privilege Escalation
2020-04-10 00:22:26
ubuntucve
ubuntucve
CVE-2007-5925
2007-11-10 00:00:00
CVE-2007-5969
2007-12-10 00:00:00
CVE-2007-5970
2007-12-10 00:00:00
cvelist
cvelist
CVE-2007-5925
2007-11-10 02:00:00
CVE-2007-5969
2007-12-10 19:00:00
CVE-2007-5970
2007-12-10 19:00:00
nvd
nvd
CVE-2007-5925
2007-11-10 02:46:00
CVE-2007-5970
2007-12-10 19:46:00
CVE-2007-5969
2007-12-10 19:46:00
prion
prion
Design/Logic Flaw
2007-11-10 02:46:00
Directory traversal
2007-12-10 19:46:00
Design/Logic Flaw
2007-12-10 19:46:00
securityvulns
securityvulns
MySQL DoS
2007-11-19 00:00:00
[Full-disclosure] [ GLSA 200711-25 ] MySQL: Denial of Service
2007-11-19 00:00:00
MySQL SHOW TABLE STATUS DoS
2007-12-21 00:00:00
cve
cve
CVE-2007-5970
2007-12-10 19:46:00
CVE-2007-5925
2007-11-10 02:46:00
CVE-2007-5969
2007-12-10 19:46:00
freebsd
freebsd
mysql -- privilege escalation and overwrite of the system table information
2007-11-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2019-0212
2019-03-05 00:00:00

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

EPSS

0.031

Percentile

91.2%

JSON
Related for MYSQL_5_1_23.NASL
openvas42nessus30fedora2centos2f52redhat2gentoo2altlinux1ubuntu4oraclelinux3seebug2slackware1debian3osv2veracode3ubuntucve5cvelist5nvd7prion7securityvulns3cve7freebsd1photon1