Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.REDHAT-RHSA-2004-611.NASL
HistoryNov 04, 2004 - 12:00 a.m.

RHEL 3 : mysql-server (RHSA-2004:611)

2004-11-0400:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
12
JSON

An updated mysql-server package that fixes various security issues is now available in the Red Hat Enterprise Linux 3 Extras channel of Red Hat Network.

MySQL is a multi-user, multi-threaded SQL database server.

A number of security issues that affect the mysql-server package have been reported. Although Red Hat Enterprise Linux 3 does not ship with the mysql-server package, the affected package is available from the Red Hat Network Extras channel.

Oleksandr Byelkin discovered that ‘ALTER TABLE … RENAME’ checked the CREATE/INSERT rights of the old table instead of the new one. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0835 to this issue.

Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function. In order to exploit this issue an attacker would need to force the use of a malicious DNS server (CVE-2004-0836).

Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION could cause the server to crash or stall (CVE-2004-0837).

Sergei Golubchik discovered that if a user is granted privileges to a database with a name containing an underscore (‘_’), the user also gains the ability to grant privileges to other databases with similar names (CVE-2004-0957).

Users of mysql-server should upgrade to these erratum packages, which correct these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2004:611. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15631);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-0835", "CVE-2004-0836", "CVE-2004-0837", "CVE-2004-0957");
  script_xref(name:"RHSA", value:"2004:611");

  script_name(english:"RHEL 3 : mysql-server (RHSA-2004:611)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An updated mysql-server package that fixes various security issues is
now available in the Red Hat Enterprise Linux 3 Extras channel of Red
Hat Network.

MySQL is a multi-user, multi-threaded SQL database server.

A number of security issues that affect the mysql-server package have
been reported. Although Red Hat Enterprise Linux 3 does not ship with
the mysql-server package, the affected package is available from the
Red Hat Network Extras channel.

Oleksandr Byelkin discovered that 'ALTER TABLE ... RENAME' checked the
CREATE/INSERT rights of the old table instead of the new one. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0835 to this issue.

Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect
function. In order to exploit this issue an attacker would need to
force the use of a malicious DNS server (CVE-2004-0836).

Dean Ellis discovered that multiple threads ALTERing the same (or
different) MERGE tables to change the UNION could cause the server to
crash or stall (CVE-2004-0837).

Sergei Golubchik discovered that if a user is granted privileges to a
database with a name containing an underscore ('_'), the user also
gains the ability to grant privileges to other databases with similar
names (CVE-2004-0957).

Users of mysql-server should upgrade to these erratum packages, which
correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2004-0835.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2004-0836.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2004-0837.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2004-0957.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2004-611.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mysql-server package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/04");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/05/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

flag = 0;
if (rpm_check(release:"RHEL3", reference:"mysql-server-3.23.58-2.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
redhatenterprise_linuxmysql-serverp-cpe:/a:redhat:enterprise_linux:mysql-server
redhatenterprise_linux3cpe:/o:redhat:enterprise_linux:3

Related

redhat 3
nessus 21
osv 2
debian 4
openvas 22
gentoo 1
ubuntu 2
ubuntucve 4
freebsd 4
cvelist 4
cve 4
redhat
redhat
(RHSA-2004:611) mysql-server security update
2004-10-27 00:00:00
(RHSA-2004:597) mysql security update
2004-10-20 00:00:00
(RHSA-2004:569) mysql security update
2004-10-20 00:00:00
nessus
nessus
GLSA-200410-22 : MySQL: Multiple vulnerabilities
2004-10-25 00:00:00
Debian DSA-562-1 : mysql - several vulnerabilities
2004-11-10 00:00:00
Mandrake Linux Security Advisory : MySQL (MDKSA-2004:119)
2004-11-02 00:00:00
osv
osv
mysql - several vulnerabilities
2004-10-11 00:00:00
mysql - several
2005-04-13 00:00:00
debian
debian
[SECURITY] [DSA 562-1] New mysql packages fix several vulnerabilities
2004-10-11 09:24:18
[SECURITY] [DSA 562-1] New mysql packages fix several vulnerabilities
2004-10-11 09:24:18
[SECURITY] [DSA 707-1] New mysql packages fix several vulnerabilities
2005-04-13 14:45:01
openvas
openvas
Gentoo Security Advisory GLSA 200410-22 (MySQL)
2008-09-24 00:00:00
SLES9: Security update for MySQL
2009-10-10 00:00:00
SLES9: Security update for MySQL
2009-10-10 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2004-10-24 00:00:00
ubuntu
ubuntu
mysql vulnerabilities
2004-11-25 00:00:00
MySQL vulnerability
2005-04-06 00:00:00
ubuntucve
ubuntucve
CVE-2004-0835
2004-11-03 00:00:00
CVE-2004-0957
2005-02-09 00:00:00
CVE-2004-0837
2004-11-03 00:00:00
freebsd
freebsd
mysql -- erroneous access restrictions applied to table renames
2004-03-23 00:00:00
mysql -- GRANT access restriction problem
2004-03-29 00:00:00
mysql -- ALTER MERGE denial of service vulnerability
2004-01-15 00:00:00
cvelist
cvelist
CVE-2004-0957
2004-10-21 04:00:00
CVE-2004-0837
2004-10-16 04:00:00
CVE-2004-0835
2004-10-16 04:00:00
cve
cve
CVE-2004-0957
2005-02-09 05:00:00
CVE-2004-0837
2004-11-03 05:00:00
CVE-2004-0835
2004-11-03 05:00:00
JSON
Related for REDHAT-RHSA-2004-611.NASL
redhat3nessus21osv2debian4openvas22gentoo1ubuntu2ubuntucve4freebsd4cvelist4cve4