FreeBSD Ports mysql-server vulnerabilit
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.63095");
script_version("2023-07-26T05:05:09+0000");
script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
script_tag(name:"creation_date", value:"2009-01-02 18:22:54 +0100 (Fri, 02 Jan 2009)");
script_cve_id("CVE-2008-2079", "CVE-2008-4097", "CVE-2008-4098");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:S/C:P/I:P/A:P");
script_name("FreeBSD Ports: mysql-server");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 E-Soft Inc.");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");
script_tag(name:"insight", value:"The following package is affected: mysql-server
CVE-2008-2079
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24,
and 6.0.x before 6.0.5 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the
MySQL home data directory, which can point to tables that are created
in the future.
CVE-2008-4097
MySQL 5.0.51a allows local users to bypass certain privilege checks by
calling CREATE TABLE on a MyISAM table with modified (1) DATA
DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with
symlinks within pathnames for subdirectories of the MySQL home data
directory, which are followed when tables are created in the future.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2008-2079.
CVE-2008-4098
MySQL before 5.0.67 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally
associated with pathnames without symlinks, and that can point to
tables created at a future time at which a pathname is modified to
contain a symlink to a subdirectory of the MySQL home data directory.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2008-4097.");
script_tag(name:"solution", value:"Update your system with the appropriate patches or
software upgrades.");
script_xref(name:"URL", value:"http://bugs.mysql.com/bug.php?id=32167");
script_xref(name:"URL", value:"http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html");
script_xref(name:"URL", value:"http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html");
script_xref(name:"URL", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html");
script_xref(name:"URL", value:"http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html");
script_xref(name:"URL", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25");
script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/738f8f9e-d661-11dd-a765-0030843d3802.html");
script_tag(name:"summary", value:"The remote host is missing an update to the system
as announced in the referenced advisory.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-bsd.inc");
vuln = FALSE;
txt = "";
bver = portver(pkg:"mysql-server");
if(!isnull(bver) && revcomp(a:bver, b:"4.1")>=0 && revcomp(a:bver, b:"4.1.25")<0) {
txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"5.0")>=0 && revcomp(a:bver, b:"5.0.75")<0) {
txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"5.1")>=0 && revcomp(a:bver, b:"5.1.28")<0) {
txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"6.0")>=0 && revcomp(a:bver, b:"6.0.6")<0) {
txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(vuln) {
security_message(data:txt);
} else if (__pkg_match) {
exit(99);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo