Vulnerabilities > CVE-2007-3781 - Denial of Service vulnerability in Mysql Community Server 5.0.41/5.0.44

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mysql
nessus

Summary

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.

Vulnerable Configurations

Part Description Count
Application
Mysql
2

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080521_MYSQL_ON_SL5_X.NASL
    descriptionMySQL did not require privileges such as
    last seen2020-06-01
    modified2020-06-02
    plugin id60406
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60406
    titleScientific Linux Security Update : mysql on SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60406);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2006-0903", "CVE-2006-4031", "CVE-2006-4227", "CVE-2006-7232", "CVE-2007-1420", "CVE-2007-2583", "CVE-2007-2691", "CVE-2007-2692", "CVE-2007-3781", "CVE-2007-3782");
    
      script_name(english:"Scientific Linux Security Update : mysql on SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "MySQL did not require privileges such as 'SELECT' for the source table
    in a 'CREATE TABLE LIKE' statement. An authenticated user could obtain
    sensitive information, such as the table structure. (CVE-2007-3781)
    
    A flaw was discovered in MySQL that allowed an authenticated user to
    gain update privileges for a table in another database, via a view
    that refers to the external table. (CVE-2007-3782)
    
    MySQL did not require the 'DROP' privilege for 'RENAME TABLE'
    statements. An authenticated user could use this flaw to rename
    arbitrary tables. (CVE-2007-2691)
    
    A flaw was discovered in the mysql_change_db function when returning
    from SQL SECURITY INVOKER stored routines. An authenticated user could
    use this flaw to gain database privileges. (CVE-2007-2692)
    
    MySQL allowed an authenticated user to bypass logging mechanisms via
    SQL queries that contain the NULL character, which were not properly
    handled by the mysql_real_query function. (CVE-2006-0903)
    
    MySQL allowed an authenticated user to access a table through a
    previously created MERGE table, even after the user's privileges were
    revoked from the original table, which might violate intended security
    policy. This is addressed by allowing the MERGE storage engine to be
    disabled, which can be done by running mysqld with the '--skip-merge'
    option. (CVE-2006-4031)
    
    MySQL evaluated arguments in the wrong security context, which allowed
    an authenticated user to gain privileges through a routine that had
    been made available using 'GRANT EXECUTE'. (CVE-2006-4227)
    
    Multiple flaws in MySQL allowed an authenticated user to cause the
    MySQL daemon to crash via crafted SQL queries. This only caused a
    temporary denial of service, as the MySQL daemon is automatically
    restarted after the crash. (CVE-2006-7232, CVE-2007-1420,
    CVE-2007-2583)
    
    As well, these updated packages fix the following bugs :
    
      - a separate counter was used for 'insert delayed'
        statements, which caused rows to be discarded. In these
        updated packages, 'insert delayed' statements no longer
        use a separate counter, which resolves this issue.
    
      - due to a bug in the Native POSIX Thread Library, in
        certain situations, 'flush tables' caused a deadlock on
        tables that had a read lock. The mysqld daemon had to be
        killed forcefully. Now, 'COND_refresh' has been replaced
        with 'COND_global_read_lock', which resolves this issue.
    
      - mysqld crashed if a query for an unsigned column type
        contained a negative value for a 'WHERE [column] NOT IN'
        subquery.
    
      - in master and slave server situations, specifying 'on
        duplicate key update' for 'insert' statements did not
        update slave servers.
    
      - in the mysql client, empty strings were displayed as
        'NULL'. For example, running 'insert into [table-name]
        values (' ');' resulted in a 'NULL' entry being
        displayed when querying the table using 'select * from
        [table-name];'.
    
      - a bug in the optimizer code resulted in certain queries
        executing much slower than expected.
    
      - on 64-bit PowerPC architectures, MySQL did not calculate
        the thread stack size correctly, which could have caused
        MySQL to crash when overly-complex queries were used.
    
    Note: these updated packages upgrade MySQL to version 5.0.45. For a
    full list of bug fixes and enhancements, refer to the MySQL release
    notes: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html"
      );
      # http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0805&L=scientific-linux-errata&T=0&P=2055
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7b67d151"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_cwe_id(20, 89, 189, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"mysql-5.0.45-7.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"mysql-bench-5.0.45-7.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"mysql-devel-5.0.45-7.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"mysql-server-5.0.45-7.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"mysql-test-5.0.45-7.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200708-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200708-10 (MySQL: Denial of Service and information leakage) Dormando reported a vulnerability within the handling of password packets in the connection protocol (CVE-2007-3780). Andrei Elkin also found that the
    last seen2020-06-01
    modified2020-06-02
    plugin id25916
    published2007-08-21
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25916
    titleGLSA-200708-10 : MySQL: Denial of Service and information leakage
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200708-10.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25916);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-3780", "CVE-2007-3781");
      script_bugtraq_id(25017);
      script_xref(name:"GLSA", value:"200708-10");
    
      script_name(english:"GLSA-200708-10 : MySQL: Denial of Service and information leakage");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200708-10
    (MySQL: Denial of Service and information leakage)
    
        Dormando reported a vulnerability within the handling of password
        packets in the connection protocol (CVE-2007-3780). Andrei Elkin also
        found that the 'CREATE TABLE LIKE' command didn't require SELECT
        privileges on the source table (CVE-2007-3781).
      
    Impact :
    
        A remote unauthenticated attacker could use the first vulnerability to
        make the server crash. The second vulnerability can be used by
        authenticated users to obtain information on tables they are not
        normally able to access.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200708-10"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All MySQL users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.0.44'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/21");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-db/mysql", unaffected:make_list("ge 5.0.44"), vulnerable:make_list("lt 5.0.44"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MySQL");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-348-01.NASL
    descriptionNew mysql packages are available for Slackware 11.0, 12.0, and -current to fix bugs and security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29704
    published2007-12-17
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29704
    titleSlackware 11.0 / 12.0 / current : mysql (SSA:2007-348-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2007-348-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29704);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/25 13:36:21");
    
      script_cve_id("CVE-2007-3781", "CVE-2007-5925", "CVE-2007-5969");
      script_xref(name:"SSA", value:"2007-348-01");
    
      script_name(english:"Slackware 11.0 / 12.0 / current : mysql (SSA:2007-348-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New mysql packages are available for Slackware 11.0, 12.0, and
    -current to fix bugs and security issues."
      );
      # http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/relnotes/mysql/5.0/en/news-5-0-51.html"
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5a42b251"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected mysql package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
      script_cwe_id(20, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"11.0", pkgname:"mysql", pkgver:"5.0.51", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++;
    
    if (slackware_check(osver:"12.0", pkgname:"mysql", pkgver:"5.0.51", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"mysql", pkgver:"5.0.51", pkgarch:"i486", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-243.NASL
    descriptionA vulnerability in MySQL prior to 5.0.45 did not require priveliges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure (CVE-2007-3781). A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error (CVE-2007-5925). Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to (CVE-2007-5969). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29300
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29300
    titleMandrake Linux Security Advisory : MySQL (MDKSA-2007:243)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:243. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29300);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:49");
    
      script_cve_id("CVE-2007-3781", "CVE-2007-5925", "CVE-2007-5969");
      script_xref(name:"MDKSA", value:"2007:243");
    
      script_name(english:"Mandrake Linux Security Advisory : MySQL (MDKSA-2007:243)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability in MySQL prior to 5.0.45 did not require priveliges
    such as SELECT for the source table in a CREATE TABLE LIKE statement,
    allowing remote authenticated users to obtain sensitive information
    such as the table structure (CVE-2007-3781).
    
    A vulnerability in the InnoDB engine in MySQL allowed remote
    authenticated users to cause a denial of service (database crash) via
    certain CONTAINS operations on an indexed column, which triggered an
    assertion error (CVE-2007-5925).
    
    Using RENAME TABLE against a table with explicit DATA DIRECTORY and
    INDEX DIRECTORY options could be used to overwrite system table
    information by replacing the file to which a symlink pointed to
    (CVE-2007-5969).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
      script_cwe_id(20, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-Max");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-ndb-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-ndb-management");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-ndb-storage");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-ndb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql15-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql15-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql15-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql15-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-max");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-management");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-storage");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2007.0", reference:"MySQL-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"MySQL-Max-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"MySQL-bench-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"MySQL-client-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"MySQL-common-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"MySQL-ndb-extra-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"MySQL-ndb-management-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"MySQL-ndb-storage-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"MySQL-ndb-tools-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64mysql15-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64mysql15-devel-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64mysql15-static-devel-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libmysql15-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libmysql15-devel-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libmysql15-static-devel-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2007.1", reference:"MySQL-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"MySQL-Max-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"MySQL-bench-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"MySQL-client-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"MySQL-common-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"MySQL-ndb-extra-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"MySQL-ndb-management-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"MySQL-ndb-storage-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"MySQL-ndb-tools-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64mysql15-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64mysql15-devel-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64mysql15-static-devel-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmysql15-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmysql15-devel-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmysql15-static-devel-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mysql-devel-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mysql-static-devel-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mysql15-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmysql-devel-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmysql-static-devel-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmysql15-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"mysql-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"mysql-bench-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"mysql-client-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"mysql-common-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"mysql-max-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-extra-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-management-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-storage-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-tools-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0364.NASL
    descriptionUpdated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. MySQL did not require privileges such as
    last seen2020-06-01
    modified2020-06-02
    plugin id32425
    published2008-05-22
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32425
    titleRHEL 5 : mysql (RHSA-2008:0364)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0364. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32425);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2006-0903", "CVE-2006-4031", "CVE-2006-4227", "CVE-2006-7232", "CVE-2007-1420", "CVE-2007-2583", "CVE-2007-2691", "CVE-2007-2692", "CVE-2007-3781", "CVE-2007-3782");
      script_bugtraq_id(19279, 19559, 23911, 24011, 24016, 25017);
      script_xref(name:"RHSA", value:"2008:0364");
    
      script_name(english:"RHEL 5 : mysql (RHSA-2008:0364)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mysql packages that fix various security issues and several
    bugs are now available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
    client/server implementation consisting of a server daemon (mysqld),
    and many different client programs and libraries.
    
    MySQL did not require privileges such as 'SELECT' for the source table
    in a 'CREATE TABLE LIKE' statement. An authenticated user could obtain
    sensitive information, such as the table structure. (CVE-2007-3781)
    
    A flaw was discovered in MySQL that allowed an authenticated user to
    gain update privileges for a table in another database, via a view
    that refers to the external table. (CVE-2007-3782)
    
    MySQL did not require the 'DROP' privilege for 'RENAME TABLE'
    statements. An authenticated user could use this flaw to rename
    arbitrary tables. (CVE-2007-2691)
    
    A flaw was discovered in the mysql_change_db function when returning
    from SQL SECURITY INVOKER stored routines. An authenticated user could
    use this flaw to gain database privileges. (CVE-2007-2692)
    
    MySQL allowed an authenticated user to bypass logging mechanisms via
    SQL queries that contain the NULL character, which were not properly
    handled by the mysql_real_query function. (CVE-2006-0903)
    
    MySQL allowed an authenticated user to access a table through a
    previously created MERGE table, even after the user's privileges were
    revoked from the original table, which might violate intended security
    policy. This is addressed by allowing the MERGE storage engine to be
    disabled, which can be done by running mysqld with the '--skip-merge'
    option. (CVE-2006-4031)
    
    MySQL evaluated arguments in the wrong security context, which allowed
    an authenticated user to gain privileges through a routine that had
    been made available using 'GRANT EXECUTE'. (CVE-2006-4227)
    
    Multiple flaws in MySQL allowed an authenticated user to cause the
    MySQL daemon to crash via crafted SQL queries. This only caused a
    temporary denial of service, as the MySQL daemon is automatically
    restarted after the crash. (CVE-2006-7232, CVE-2007-1420,
    CVE-2007-2583)
    
    As well, these updated packages fix the following bugs :
    
    * a separate counter was used for 'insert delayed' statements, which
    caused rows to be discarded. In these updated packages, 'insert
    delayed' statements no longer use a separate counter, which resolves
    this issue.
    
    * due to a bug in the Native POSIX Thread Library, in certain
    situations, 'flush tables' caused a deadlock on tables that had a read
    lock. The mysqld daemon had to be killed forcefully. Now,
    'COND_refresh' has been replaced with 'COND_global_read_lock', which
    resolves this issue.
    
    * mysqld crashed if a query for an unsigned column type contained a
    negative value for a 'WHERE [column] NOT IN' subquery.
    
    * in master and slave server situations, specifying 'on duplicate key
    update' for 'insert' statements did not update slave servers.
    
    * in the mysql client, empty strings were displayed as 'NULL'. For
    example, running 'insert into [table-name] values (' ');' resulted in
    a 'NULL' entry being displayed when querying the table using 'select *
    from [table-name];'.
    
    * a bug in the optimizer code resulted in certain queries executing
    much slower than expected.
    
    * on 64-bit PowerPC architectures, MySQL did not calculate the thread
    stack size correctly, which could have caused MySQL to crash when
    overly-complex queries were used.
    
    Note: these updated packages upgrade MySQL to version 5.0.45. For a
    full list of bug fixes and enhancements, refer to the MySQL release
    notes: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html
    
    All mysql users are advised to upgrade to these updated packages,
    which resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1420"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2691"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2692"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0364"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 89, 189, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0364";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"mysql-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql-bench-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql-bench-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql-bench-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"mysql-devel-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql-server-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql-server-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql-server-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql-test-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql-test-5.0.45-7.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql-test-5.0.45-7.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-server / mysql-test");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MYSQL-4375.NASL
    descriptionThis update provides fixes for : - CVE-2007-3780: remote triggerable crash - CVE-2007-3781: query tables without propper authorisation - CVE-2007-3782: gain update privileges without propper authorisation
    last seen2020-06-01
    modified2020-06-02
    plugin id27359
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27359
    titleopenSUSE 10 Security Update : mysql (mysql-4375)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update mysql-4375.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27359);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-3780", "CVE-2007-3781", "CVE-2007-3782");
    
      script_name(english:"openSUSE 10 Security Update : mysql (mysql-4375)");
      script_summary(english:"Check for the mysql-4375 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update provides fixes for :
    
      - CVE-2007-3780: remote triggerable crash
    
      - CVE-2007-3781: query tables without propper
        authorisation
    
      - CVE-2007-3782: gain update privileges without propper
        authorisation"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mysql packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(20, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-Max");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-shared");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-shared-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"mysql-5.0.26-12.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"mysql-Max-5.0.26-12.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"mysql-bench-5.0.26-12.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"mysql-client-5.0.26-12.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"mysql-devel-5.0.26-12.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"mysql-shared-5.0.26-12.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"mysql-shared-32bit-5.0.26-12.13") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mysql-5.0.26-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mysql-Max-5.0.26-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mysql-bench-5.0.26-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mysql-client-5.0.26-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mysql-debug-5.0.26-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mysql-devel-5.0.26-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mysql-shared-5.0.26-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"mysql-shared-32bit-5.0.26-14") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-559-1.NASL
    descriptionJoe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. (CVE-2007-5925) It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. (CVE-2007-5969) Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. (CVE-2007-6304) It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges. (CVE-2007-3781). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29793
    published2007-12-24
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29793
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mysql-dfsg-5.0 vulnerabilities (USN-559-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-559-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29793);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2007-3781", "CVE-2007-5925", "CVE-2007-5969", "CVE-2007-6304");
      script_bugtraq_id(25017, 26353, 26765, 26832);
      script_xref(name:"USN", value:"559-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mysql-dfsg-5.0 vulnerabilities (USN-559-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in
    MySQL did not properly perform input validation. An authenticated user
    could use a crafted CONTAINS statement to cause a denial of service.
    (CVE-2007-5925)
    
    It was discovered that under certain conditions MySQL could be made to
    overwrite system table information. An authenticated user could use a
    crafted RENAME statement to escalate privileges. (CVE-2007-5969)
    
    Philip Stoev discovered that the the federated engine of MySQL did not
    properly handle responses with a small number of columns. An
    authenticated user could use a crafted response to a SHOW TABLE STATUS
    query and cause a denial of service. (CVE-2007-6304)
    
    It was discovered that MySQL did not properly enforce access controls.
    An authenticated user could use a crafted CREATE TABLE LIKE statement
    to escalate privileges. (CVE-2007-3781).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/559-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15off");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"libmysqlclient15-dev", pkgver:"5.0.22-0ubuntu6.06.6")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libmysqlclient15off", pkgver:"5.0.22-0ubuntu6.06.6")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mysql-client", pkgver:"5.0.22-0ubuntu6.06.6")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mysql-client-5.0", pkgver:"5.0.22-0ubuntu6.06.6")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mysql-common", pkgver:"5.0.22-0ubuntu6.06.6")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mysql-server", pkgver:"5.0.22-0ubuntu6.06.6")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mysql-server-5.0", pkgver:"5.0.22-0ubuntu6.06.6")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libmysqlclient15-dev", pkgver:"5.0.24a-9ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libmysqlclient15off", pkgver:"5.0.24a-9ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"mysql-client", pkgver:"5.0.24a-9ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"mysql-client-5.0", pkgver:"5.0.24a-9ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"mysql-common", pkgver:"5.0.24a-9ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"mysql-server", pkgver:"5.0.24a-9ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"mysql-server-5.0", pkgver:"5.0.24a-9ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"libmysqlclient15-dev", pkgver:"5.0.38-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"libmysqlclient15off", pkgver:"5.0.38-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mysql-client", pkgver:"5.0.38-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mysql-client-5.0", pkgver:"5.0.38-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mysql-common", pkgver:"5.0.38-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mysql-server", pkgver:"5.0.38-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mysql-server-4.1", pkgver:"5.0.38-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mysql-server-5.0", pkgver:"5.0.38-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"libmysqlclient15-dev", pkgver:"5.0.45-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"libmysqlclient15off", pkgver:"5.0.45-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"mysql-client", pkgver:"5.0.45-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"mysql-client-5.0", pkgver:"5.0.45-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"mysql-common", pkgver:"5.0.45-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"mysql-server", pkgver:"5.0.45-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"mysql-server-5.0", pkgver:"5.0.45-1ubuntu3.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysqlclient15-dev / libmysqlclient15off / mysql-client / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1451.NASL
    descriptionSeveral local/remote vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3781 It was discovered that the privilege validation for the source table of CREATE TABLE LIKE statements was insufficiently enforced, which might lead to information disclosure. This is only exploitable by authenticated users. - CVE-2007-5969 It was discovered that symbolic links were handled insecurely during the creation of tables with DATA DIRECTORY or INDEX DIRECTORY statements, which might lead to denial of service by overwriting data. This is only exploitable by authenticated users. - CVE-2007-6304 It was discovered that queries to data in a FEDERATED table can lead to a crash of the local database server, if the remote server returns information with less columns than expected, resulting in denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id29860
    published2008-01-07
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29860
    titleDebian DSA-1451-1 : mysql-dfsg-5.0 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1451. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29860);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2007-3781", "CVE-2007-5969", "CVE-2007-6304");
      script_xref(name:"DSA", value:"1451");
    
      script_name(english:"Debian DSA-1451-1 : mysql-dfsg-5.0 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several local/remote vulnerabilities have been discovered in the MySQL
    database server. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2007-3781
        It was discovered that the privilege validation for the
        source table of CREATE TABLE LIKE statements was
        insufficiently enforced, which might lead to information
        disclosure. This is only exploitable by authenticated
        users.
    
      - CVE-2007-5969
        It was discovered that symbolic links were handled
        insecurely during the creation of tables with DATA
        DIRECTORY or INDEX DIRECTORY statements, which might
        lead to denial of service by overwriting data. This is
        only exploitable by authenticated users.
    
      - CVE-2007-6304
        It was discovered that queries to data in a FEDERATED
        table can lead to a crash of the local database server,
        if the remote server returns information with less
        columns than expected, resulting in denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-3781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-5969"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-6304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1451"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the mysql-dfsg-5.0 packages.
    
    The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.
    
    For the stable distribution (etch), these problems have been fixed in
    version 5.0.32-7etch4."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"libmysqlclient15-dev", reference:"5.0.32-7etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"libmysqlclient15off", reference:"5.0.32-7etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"mysql-client", reference:"5.0.32-7etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"mysql-client-5.0", reference:"5.0.32-7etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"mysql-common", reference:"5.0.32-7etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"mysql-server", reference:"5.0.32-7etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"mysql-server-4.1", reference:"5.0.32-7etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"mysql-server-5.0", reference:"5.0.32-7etch4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MYSQL-4376.NASL
    descriptionThis update provides fixes for : - remote triggerable crash. (CVE-2007-3780) - query tables without propper authorisation. (CVE-2007-3781) - gain update privileges without propper authorisation. (CVE-2007-3782)
    last seen2020-06-01
    modified2020-06-02
    plugin id29525
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29525
    titleSuSE 10 Security Update : MySQL (ZYPP Patch Number 4376)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29525);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-3780", "CVE-2007-3781", "CVE-2007-3782");
    
      script_name(english:"SuSE 10 Security Update : MySQL (ZYPP Patch Number 4376)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update provides fixes for :
    
      - remote triggerable crash. (CVE-2007-3780)
    
      - query tables without propper authorisation.
        (CVE-2007-3781)
    
      - gain update privileges without propper authorisation.
        (CVE-2007-3782)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3780.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3781.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3782.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4376.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(20, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:1, reference:"mysql-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"mysql-client-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"mysql-devel-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"mysql-shared-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"mysql-shared-32bit-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"mysql-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"mysql-Max-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"mysql-client-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"mysql-devel-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"mysql-shared-5.0.26-12.13")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"mysql-shared-32bit-5.0.26-12.13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyDatabases
    NASL idMYSQL_5_0_45.NASL
    descriptionThe version of MySQL Community Server installed on the remote host is reportedly affected by a denial of service vulnerability that can lead to a server crash with a specially crafted password packet. It is also affected by a privilege escalation vulnerability because
    last seen2020-06-01
    modified2020-06-02
    plugin id25759
    published2007-07-25
    reporterThis script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25759
    titleMySQL Community Server 5.0 < 5.0.45 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25759);
      script_version("1.22");
      script_cvs_date("Date: 2018/07/16 14:09:13");
    
      script_cve_id("CVE-2007-3780", "CVE-2007-3781", "CVE-2007-3782");
      script_bugtraq_id(25017);
    
      script_name(english:"MySQL Community Server 5.0 < 5.0.45 Multiple Vulnerabilities");
      script_summary(english:"Checks version of MySQL Community Server");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is susceptible to multiple attacks.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL Community Server installed on the remote host
    is reportedly affected by a denial of service vulnerability that can
    lead to a server crash with a specially crafted password packet. 
    
    It is also affected by a privilege escalation vulnerability because
    'CREATE TABLE LIKE' does not require any privileges on the source
    table, which allows an attacker to create arbitrary tables using the
    affected application.");
      script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-45.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MySQL Community Server version 5.0.45 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 264);
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/25");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/13");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_ports("Services/mysql", 3306);
      script_require_keys("Settings/ParanoidReport");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("mysql_func.inc");
    
    
    # nb: banner checks of open source software are prone to false-
    #     positives so only run the check if reporting is paranoid.
    if (report_paranoia < 2)
      exit(1, "This plugin only runs if 'Report paranoia' is set to 'Paranoid'.");
    
    port = get_service(svc:"mysql", default:3306, exit_on_fail:TRUE);
    
    if (mysql_init(port:port, exit_on_fail:TRUE) == 1)
    {
      variant = mysql_get_variant();
      ver = mysql_get_version();
    
      if ("Community" >< variant && ver =~ "^5\.0\.([0-9]|[1-3][0-9]|4[0-4])($|[^0-9])")
      {
        report = '\nThe remote MySQL Community Server\'s version is :\n\n  '+ver+'\n';
        datadir = get_kb_item('mysql/' + port + '/datadir');
        if (!empty_or_null(datadir))
        {
          report += '  Data Dir          : ' + datadir + '\n';
        }
        databases = get_kb_item('mysql/' + port + '/databases');
        if (!empty_or_null(databases))
        { 
          report += '  Databases         :\n' + databases;
        }
        security_warning(port:port, extra:report);
      }
    }
    mysql_close();
    

Oval

accepted2013-04-29T04:18:27.646-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
familyunix
idoval:org.mitre.oval:def:9195
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
version18

Redhat

advisories
  • rhsa
    idRHSA-2007:0894
  • rhsa
    idRHSA-2008:0364
rpms
  • mysql-0:5.0.44-1.el4s1.1
  • mysql-bench-0:5.0.44-1.el4s1.1
  • mysql-cluster-0:5.0.44-1.el4s1.1
  • mysql-debuginfo-0:5.0.44-1.el4s1.1
  • mysql-devel-0:5.0.44-1.el4s1.1
  • mysql-libs-0:5.0.44-1.el4s1.1
  • mysql-server-0:5.0.44-1.el4s1.1
  • mysql-test-0:5.0.44-1.el4s1.1
  • mysql-0:5.0.45-7.el5
  • mysql-bench-0:5.0.45-7.el5
  • mysql-debuginfo-0:5.0.45-7.el5
  • mysql-devel-0:5.0.45-7.el5
  • mysql-server-0:5.0.45-7.el5
  • mysql-test-0:5.0.45-7.el5

Statements

contributorMark J Cox
lastmodified2007-07-17
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.