Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MySQL Enterprise Server 5.0 < 5.0.60 MyISAM CREATE TABLE Privilege Check Bypass

🗓️ 09 May 2008 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 50 Views

The remote MySQL server allows a local user to bypass privileges via MyISAM table

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD		mysql -- MyISAM table privileges security bypass vulnerability
5 May 200800:00
freebsd
FreeBSD		mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
3 Jul 200800:00
freebsd
Tenable Nessus		Oracle MySQL 4.1 < 4.1.24 MyISAM Table Privilege Check Bypass
8 May 200800:00
nessus
Tenable Nessus		Oracle MySQL Enterprise Server 5.0 < 5.0.60 MyISAM Table Privilege Check Bypass
9 May 200800:00
nessus
Tenable Nessus		Oracle MySQL < 5.1.41 Multiple Vulnerabilities
24 Nov 200900:00
nessus
Tenable Nessus		MySQL < 5.1.41 Multiple Vulnerabilities
24 Nov 200900:00
nessus
Tenable Nessus		CentOS 5 : mysql (CESA-2009:1289)
6 Jan 201000:00
nessus
Tenable Nessus		CentOS 5 : mysql (CESA-2010:0109)
2 Mar 201000:00
nessus
Tenable Nessus		CentOS 4 : mysql (CESA-2010:0110)
18 Feb 201000:00
nessus
Tenable Nessus		Debian DSA-1608-1 : mysql-dfsg-5.0 - authorization bypass
15 Jul 200800:00
nessus
Rows per page
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(32138);
  script_version("1.14");
  script_cvs_date("Date: 2018/07/16 14:09:13");

  script_cve_id("CVE-2008-2079");
  script_bugtraq_id(29106);
  script_xref(name:"Secunia", value:"30134");

  script_name(english:"MySQL Enterprise Server 5.0 < 5.0.60 MyISAM CREATE TABLE Privilege Check Bypass");
  script_summary(english:"Checks version of MySQL Enterprise Server");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server allows a local user to circumvent
privileges.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL Enterprise Server 5.0 installed on the remote
host is earlier than 5.0.60.  Such versions reportedly allow a local
user to circumvent privileges through creation of MyISAM tables using
the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite
existing table files in the application's data directory.");
  script_set_attribute(attribute:"see_also", value:"http://bugs.mysql.com/bug.php?id=32167");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-60.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL Enterprise Server version 5.0.60 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("mysql_func.inc");


port = get_service(svc:"mysql", default:3306, exit_on_fail:TRUE);

if (mysql_init(port:port, exit_on_fail:TRUE) == 1)
{
  variant = mysql_get_variant();
  ver = mysql_get_version();

  if (
    "Enterprise " >< variant && 
    strlen(ver) && ver =~ "^5\.0\.([0-9]|[1-5][0-9])($|[^0-9])"
  )
  {
    if (report_verbosity > 0)
    {
      report =
        '\nThe remote MySQL '+variant+'\'s version is :\n'+
        '\n  '+ver+'\n';
      datadir = get_kb_item('mysql/' + port + '/datadir');
      if (!empty_or_null(datadir))
      {
        report += '  Data Dir          : ' + datadir + '\n';
      }
      databases = get_kb_item('mysql/' + port + '/databases');
      if (!empty_or_null(databases))
      { 
        report += '  Databases         :\n' + databases;
      }
      security_note(port:port, extra:report);
    }
    else security_note(port);
  }
}
mysql_close();

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Jul 2018 14:09Current
7.9High risk
Vulners AI Score7.9
CVSS 24.6
EPSS0.02588
mysqlenterprise serverprivilege check bypassmyisamcreate tablesecurity flaw
50