RHEL 2.1 : mysql (RHSA-2003:094)

🗓️ 06 Jul 2004 00:00:00Reported by TenableType

MySQL update fixes double-free and remote root exploit vulnerabilities; users should upgrade now.

Reporter	Title	Published	Views	Family All 29
0day.today	MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege Escalation	12 Sep 201600:00	–	zdt
Tenable Nessus	Oracle MySQL < 3.23.56 Local Privilege Escalation	20 Aug 200400:00	–	nessus
Tenable Nessus	Oracle MySQL < 3.23.55 Double Free() Overflow	20 Aug 200400:00	–	nessus
Tenable Nessus	Debian DSA-303-1 : mysql - privilege escalation	29 Sep 200400:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : MYSQL (MDKSA-2003:013)	31 Jul 200400:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : MySQL (MDKSA-2003:057)	31 Jul 200400:00	–	nessus
Tenable Nessus	MySQL < 3.23.56 Writable Configuration Files	18 Jan 201200:00	–	nessus
Tenable Nessus	MySQL < 3.23.55 mysql_change_user() Double-free Memory Pointer DoS	1 Mar 200300:00	–	nessus
Tenable Nessus	MySQL datadir/my.cnf Modification Privilege Escalation	14 Mar 200300:00	–	nessus
CVE	CAN-2003-0073	6 Aug 202410:37	–	cve

Source	Link
access	www.access.redhat.com/security/cve/cve-2003-0073
access	www.access.redhat.com/security/cve/cve-2003-0150
dev	www.dev.mysql.com/doc/refman/4.1/en/news-3-23-55.html
dev	www.dev.mysql.com/doc/refman/4.1/en/news-3-23-56.html
access	www.access.redhat.com/errata/RHSA-2003:094
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2003:094. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(12378);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2003-0073", "CVE-2003-0150");
  script_xref(name:"RHSA", value:"2003:094");

  script_name(english:"RHEL 2.1 : mysql (RHSA-2003:094)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated packages are available that fix both a double-free security
vulnerability and a remote root exploit security vulnerability found
in the MySQL server.

[Updated 11 Aug 2003] Updated mysqlclient9 packages are now included.
These were previously missing from this erratum.

MySQL is a multi-user, multi-threaded SQL database server.

A double-free vulnerability in mysqld, for MySQL before version
3.23.55, allows attackers with MySQL access to cause a denial of
service (crash) by creating a carefully crafted client application.

A remote root exploit vulnerability in mysqld, for MySQL before
version 3.23.56, allows MySQL users to gain root privileges by
overwriting configuration files.

Previous versions of the MySQL packages do not contain the thread safe
client library (libmysqlclient_r).

All users of MySQL are advised to upgrade to these errata packages
containing MySQL 3.23.56."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0150"
  );
  # http://www.mysql.com/doc/en/News-3.23.55.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/4.1/en/news-3-23-55.html"
  );
  # http://www.mysql.com/doc/en/News-3.23.56.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/4.1/en/news-3-23-56.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:094"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysqlclient9");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/02/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/08/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2003:094";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mysql-3.23.56-1.72")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mysql-devel-3.23.56-1.72")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mysql-server-3.23.56-1.72")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mysqlclient9-3.23.22-8")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-devel / mysql-server / mysqlclient9");
  }
}

14 Jan 2021 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 29

EPSS0.12813