Vulnerabilities > CVE-2006-4226
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
Vulnerable Configurations
Nessus
NASL family Databases NASL id MYSQL_5_1_12.NASL description The version of MySQL installed on the remote host is earlier than 4.1.21 / 5.0.25 / 5.1.12 and thus reportedly allows a remote user who has access rights on one database to access another database if the names differ only in case. last seen 2020-06-01 modified 2020-06-02 plugin id 17807 published 2012-01-16 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17807 title MySQL < 4.1.21 / 5.0.25 / 5.1.12 Access Control code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(17807); script_version("1.6"); script_cvs_date("Date: 2018/07/16 14:09:13"); script_cve_id("CVE-2006-4226"); script_bugtraq_id(19559); script_name(english:"MySQL < 4.1.21 / 5.0.25 / 5.1.12 Access Control"); script_summary(english:"Checks version of MySQL Server"); script_set_attribute(attribute:"synopsis", value: "The remote database server may allow a remote user access to a database for which he does not have permissions."); script_set_attribute(attribute:"description", value: "The version of MySQL installed on the remote host is earlier than 4.1.21 / 5.0.25 / 5.1.12 and thus reportedly allows a remote user who has access rights on one database to access another database if the names differ only in case."); script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html"); script_set_attribute(attribute:"see_also", value:"http://bugs.mysql.com/bug.php?id=17647"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL version 4.1.21 / 5.0.25 / 5.1.12 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/16"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/mysql", 3306); exit(0); } include("mysql_version.inc"); mysql_check_version(fixed:make_list('4.1.21', '5.0.25', '5.1.12'), severity:SECURITY_NOTE);NASL family Databases NASL id MYSQL_5_1_12_SUID.NASL description The version of MySQL installed on the remote host is earlier than 5.0.25 / 5.1.12 and thus reportedly allows a remote, authenticated user to gain privileges through a stored routine. last seen 2020-06-01 modified 2020-06-02 plugin id 17808 published 2012-01-16 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17808 title MySQL < 5.0.25 / 5.1.12 Privilege Escalation code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(17808); script_version("1.8"); script_cvs_date("Date: 2018/07/16 14:09:13"); script_cve_id("CVE-2006-4227"); # This is the same BID as CVE-2006-4226. It is fixed in the same 5.x versions # but does not appear in the changelog of any 4.1.x # 2015/11/06 BID 19559 was removed since mitre.org mistakenly linked # it to CVE-2006-4227 script_name(english:"MySQL < 5.0.25 / 5.1.12 Privilege Escalation"); script_summary(english:"Checks version of MySQL Server"); script_set_attribute(attribute:"synopsis", value: "The remote database server may allow a remote user access to objects for which he does not have permissions."); script_set_attribute(attribute:"description", value: "The version of MySQL installed on the remote host is earlier than 5.0.25 / 5.1.12 and thus reportedly allows a remote, authenticated user to gain privileges through a stored routine."); script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html"); script_set_attribute(attribute:"see_also", value:"http://bugs.mysql.com/bug.php?id=18630"); # 4.1.x is not fixed and reached its EOL script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 5.0.25 / 5.1.12 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20); script_set_attribute(attribute:"vuln_publication_date", value: "2006/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/16"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/mysql", 3306); exit(0); } include("mysql_version.inc"); mysql_check_version(fixed:make_list('5.0.25', '5.1.12'), severity:SECURITY_WARNING);NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1169.NASL description Several local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4226 Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to. - CVE-2006-4380 Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication. last seen 2020-06-01 modified 2020-06-02 plugin id 22711 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22711 title Debian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1169. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22711); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-4226", "CVE-2006-4380"); script_bugtraq_id(19559); script_xref(name:"DSA", value:"1169"); script_name(english:"Debian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4226 Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to. - CVE-2006-4380 Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-4226" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-4380" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1169" ); script_set_attribute( attribute:"solution", value: "Upgrade the mysql-server-4.1 package. For the stable distribution (sarge) these problems have been fixed in version 4.1.11a-4sarge7. Version 4.0 is not affected by these problems." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"libmysqlclient14", reference:"4.1.11a-4sarge7")) flag++; if (deb_check(release:"3.1", prefix:"libmysqlclient14-dev", reference:"4.1.11a-4sarge7")) flag++; if (deb_check(release:"3.1", prefix:"mysql-client-4.1", reference:"4.1.11a-4sarge7")) flag++; if (deb_check(release:"3.1", prefix:"mysql-common-4.1", reference:"4.1.11a-4sarge7")) flag++; if (deb_check(release:"3.1", prefix:"mysql-server-4.1", reference:"4.1.11a-4sarge7")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0152.NASL description Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25007 published 2007-04-10 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25007 title CentOS 4 : mysql (CESA-2007:0152) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0152 and # CentOS Errata and Security Advisory 2007:0152 respectively. # include("compat.inc"); if (description) { script_id(25007); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2006-4226"); script_bugtraq_id(19559); script_xref(name:"RHSA", value:"2007:0152"); script_name(english:"CentOS 4 : mysql (CESA-2007:0152)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue." ); # https://lists.centos.org/pipermail/centos-announce/2007-April/013646.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7b13013b" ); # https://lists.centos.org/pipermail/centos-announce/2007-April/013654.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?dfae0d95" ); # https://lists.centos.org/pipermail/centos-announce/2007-April/013655.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?048dafcd" ); script_set_attribute( attribute:"solution", value:"Update the affected mysql packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"mysql-4.1.20-2.RHEL4.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"mysql-bench-4.1.20-2.RHEL4.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"mysql-devel-4.1.20-2.RHEL4.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"mysql-server-4.1.20-2.RHEL4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-server"); }NASL family MacOS X Local Security Checks NASL id MACOSX_10_4_9.NASL description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog last seen 2020-06-01 modified 2020-06-02 plugin id 24811 published 2007-03-13 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24811 title Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) code # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); if ( NASL_LEVEL < 3004 ) exit(0); include("compat.inc"); if(description) { script_id(24811); script_version ("1.29"); script_cve_id("CVE-2007-0719", "CVE-2007-0467", "CVE-2007-0720", "CVE-2007-0721", "CVE-2007-0722", "CVE-2006-6061", "CVE-2006-6062", "CVE-2006-5679", "CVE-2007-0229", "CVE-2007-0267", "CVE-2007-0299", "CVE-2007-0723", "CVE-2006-5330", "CVE-2006-0300", "CVE-2006-6097", "CVE-2007-0318", "CVE-2007-0724", "CVE-2007-1071", "CVE-2007-0733", "CVE-2006-5836", "CVE-2006-6129", "CVE-2006-6173", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4031", "CVE-2006-4226", "CVE-2006-3469", "CVE-2006-6130", "CVE-2007-0236", "CVE-2007-0726", "CVE-2006-0225", "CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052", "CVE-2007-0728", "CVE-2007-0588", "CVE-2007-0730", "CVE-2007-0731", "CVE-2007-0463", "CVE-2005-2959", "CVE-2006-4829"); script_bugtraq_id(20982, 21236, 21291, 21349, 22041, 22948); script_name(english:"Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update which fixes a security issue." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog" ); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=305214" ); script_set_attribute(attribute:"solution", value: "Mac OS X 10.4 : Upgrade to Mac OS X 10.4.9 : http://www.apple.com/support/downloads/macosxserver1049updateppc.html http://www.apple.com/support/downloads/macosx1049updateintel.html http://www.apple.com/support/downloads/macosxserver1049updateuniversal.html Mac OS X 10.3 : Apply Security Update 2007-003 : http://www.apple.com/support/downloads/securityupdate20070031039client.html http://www.apple.com/support/downloads/securityupdate20070031039server.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79, 119, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2007/03/13"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/28"); script_set_attribute(attribute:"patch_publication_date", value: "2007/03/13"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for the version of Mac OS X"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if ( ! os ) { os = get_kb_item("Host/OS"); confidence = get_kb_item("Host/OS/Confidence"); if ( confidence <= 90 ) exit(0); } if ( ! os ) exit(0); if ( ereg(pattern:"Mac OS X 10\.4($|\.[1-8]([^0-9]|$))", string:os)) security_hole(0); else if ( ereg(pattern:"Mac OS X 10\.3\.", string:os) ) { packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); if (!egrep(pattern:"^SecUpd(Srvr)?2007-003", string:packages)) security_hole(0); }NASL family SuSE Local Security Checks NASL id SUSE_MYSQL-2075.NASL description This update of mysql fixes several security vulnerabilities. (CVE-2006-4031,CVE-2006-4226,CVE-2006-4227) last seen 2020-06-01 modified 2020-06-02 plugin id 27358 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27358 title openSUSE 10 Security Update : mysql (mysql-2075) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update mysql-2075. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27358); script_version ("1.14"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_cve_id("CVE-2006-4031", "CVE-2006-4226", "CVE-2006-4227"); script_name(english:"openSUSE 10 Security Update : mysql (mysql-2075)"); script_summary(english:"Check for the mysql-2075 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of mysql fixes several security vulnerabilities. (CVE-2006-4031,CVE-2006-4226,CVE-2006-4227)" ); script_set_attribute( attribute:"solution", value:"Update the affected mysql packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-Max"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"mysql-5.0.18-20.8") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"mysql-Max-5.0.18-20.8") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A0E92718660311DBAB90000E35FD8194.NASL description Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. last seen 2020-06-01 modified 2020-06-02 plugin id 22923 published 2006-10-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22923 title FreeBSD : mysql -- database 'case-sensitive' privilege escalation (a0e92718-6603-11db-ab90-000e35fd8194) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(22923); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:38"); script_cve_id("CVE-2006-4226"); script_bugtraq_id(19559); script_name(english:"FreeBSD : mysql -- database 'case-sensitive' privilege escalation (a0e92718-6603-11db-ab90-000e35fd8194)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions." ); # http://bugs.mysql.com/bug.php?id=17647 script_set_attribute( attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=17647" ); # https://vuxml.freebsd.org/freebsd/a0e92718-6603-11db-ab90-000e35fd8194.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0fa0760d" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/09"); script_set_attribute(attribute:"patch_publication_date", value:"2006/10/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"mysql-server>=5.1<5.1.12")) flag++; if (pkg_test(save_report:TRUE, pkg:"mysql-server>=5.0<5.0.25")) flag++; if (pkg_test(save_report:TRUE, pkg:"mysql-server<4.1.21")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0152.NASL description From Red Hat Security Advisory 2007:0152 : Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67470 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67470 title Oracle Linux 4 : mysql (ELSA-2007-0152) NASL family SuSE Local Security Checks NASL id SUSE_MYSQL-2073.NASL description This update of mysql fixes several security vulnerabilities. (CVE-2006-4031 / CVE-2006-4226 / CVE-2006-4227) last seen 2020-06-01 modified 2020-06-02 plugin id 29524 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29524 title SuSE 10 Security Update : mysql (ZYPP Patch Number 2073) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-149.NASL description MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user last seen 2020-06-01 modified 2020-06-02 plugin id 23896 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23896 title Mandrake Linux Security Advisory : MySQL (MDKSA-2006:149) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0152.NASL description Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24951 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24951 title RHEL 4 : mysql (RHSA-2007:0152)
Oval
| accepted | 2013-04-29T04:08:10.329-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:10729 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. | ||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-09-19 |
| organization | Red Hat |
| statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203426 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3 |
References
- http://lists.mysql.com/commits/5927
- http://bugs.mysql.com/bug.php?id=17647
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
- http://www.securityfocus.com/bid/19559
- http://secunia.com/advisories/21506
- http://securitytracker.com/id?1016710
- http://www.debian.org/security/2006/dsa-1169
- http://secunia.com/advisories/21762
- http://secunia.com/advisories/21627
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://secunia.com/advisories/22080
- http://docs.info.apple.com/article.html?artnum=305214
- http://www.redhat.com/support/errata/RHSA-2007-0083.html
- http://secunia.com/advisories/24479
- http://www.redhat.com/support/errata/RHSA-2007-0152.html
- http://secunia.com/advisories/24744
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vupen.com/english/advisories/2007/0930
- http://www.vupen.com/english/advisories/2006/3306
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28448
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10729