mysql-dfsg-5.0 several vulnerabilities

OSV:DSA-1451-1
Source: Google (osv.dev)
Published: Jan 06, 2008

CVSS2: 7.1 High (AV:N/AC:H/Au:S/C:C/I:C/A:C)

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Several local/remote vulnerabilities have been discovered in the MySQL
database server. The Common Vulnerabilities and Exposures project
identifies the following problems:

It was discovered that the privilege validation for the source table
of CREATE TABLE LIKE statements was insufficiently enforced, which
might lead to information disclosure. This is only exploitable by
authenticated users.

It was discovered that symbolic links were handled insecurely during
the creation of tables with DATA DIRECTORY or INDEX DIRECTORY
statements, which might lead to denial of service by overwriting
data. This is only exploitable by authenticated users.

It was discovered that queries to data in a FEDERATED table can
lead to a crash of the local database server if the remote server
returns information with fewer columns than expected, resulting in
denial of service.

The old stable distribution (sarge) doesn’t contain mysql-dfsg-5.0.

For the stable distribution (etch), these problems have been fixed in
version 5.0.32-7etch4.

For the unstable distribution (sid), these problems have been fixed in
version 5.0.51-1.

We recommend that you upgrade your mysql-dfsg-5.0 packages.
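
A way to check a host against the fixed versions above, as an added example that is not part of the advisory: it implements Debian's version ordering (the rules `dpkg --compare-versions` applies) in Python and compares an installed mysql-dfsg-5.0 version string with the etch and sid fixes. The names FIXED, compare and is_fixed are hypothetical, and the installed versions used at the bottom are constructed.

```python
import re
from itertools import zip_longest

# Fixed mysql-dfsg-5.0 versions as stated in the advisory text.
FIXED = {"etch": "5.0.32-7etch4", "sid": "5.0.51-1"}

def _order(c):
    """dpkg character weight: '~' first, then end/digit, letters, others."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream (or two revision) strings, dpkg style."""
    chunks = zip_longest(re.findall(r"(\D*)(\d*)", a),
                         re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (sa, na), (sb, nb) in chunks:
        # Non-digit run: character by character with dpkg weights.
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        # Digit run: numeric comparison, an empty run counts as 0.
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(v):
    """Split '[epoch:]upstream[-revision]' into its three fields."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 as Debian version a is older, equal, newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_fixed(installed, release):
    """True if the installed version is at or above the advisory's fix."""
    return compare(installed, FIXED[release]) >= 0

if __name__ == "__main__":
    # Constructed sample versions, not taken from the advisory.
    for v in ("5.0.32-7etch3", "5.0.32-7etch4", "5.0.51~rc1-1"):
        print(v, {r: is_fixed(v, r) for r in FIXED})
```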
