Vulnerabilities > CVE-2007-3781 - Denial of Service vulnerability in Mysql Community Server 5.0.41/5.0.44
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20080521_MYSQL_ON_SL5_X.NASL description MySQL did not require privileges such as last seen 2020-06-01 modified 2020-06-02 plugin id 60406 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60406 title Scientific Linux Security Update : mysql on SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60406); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:17"); script_cve_id("CVE-2006-0903", "CVE-2006-4031", "CVE-2006-4227", "CVE-2006-7232", "CVE-2007-1420", "CVE-2007-2583", "CVE-2007-2691", "CVE-2007-2692", "CVE-2007-3781", "CVE-2007-3782"); script_name(english:"Scientific Linux Security Update : mysql on SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "MySQL did not require privileges such as 'SELECT' for the source table in a 'CREATE TABLE LIKE' statement. An authenticated user could obtain sensitive information, such as the table structure. (CVE-2007-3781) A flaw was discovered in MySQL that allowed an authenticated user to gain update privileges for a table in another database, via a view that refers to the external table. (CVE-2007-3782) MySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691) A flaw was discovered in the mysql_change_db function when returning from SQL SECURITY INVOKER stored routines. An authenticated user could use this flaw to gain database privileges. (CVE-2007-2692) MySQL allowed an authenticated user to bypass logging mechanisms via SQL queries that contain the NULL character, which were not properly handled by the mysql_real_query function. (CVE-2006-0903) MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031) MySQL evaluated arguments in the wrong security context, which allowed an authenticated user to gain privileges through a routine that had been made available using 'GRANT EXECUTE'. (CVE-2006-4227) Multiple flaws in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583) As well, these updated packages fix the following bugs : - a separate counter was used for 'insert delayed' statements, which caused rows to be discarded. In these updated packages, 'insert delayed' statements no longer use a separate counter, which resolves this issue. - due to a bug in the Native POSIX Thread Library, in certain situations, 'flush tables' caused a deadlock on tables that had a read lock. The mysqld daemon had to be killed forcefully. Now, 'COND_refresh' has been replaced with 'COND_global_read_lock', which resolves this issue. - mysqld crashed if a query for an unsigned column type contained a negative value for a 'WHERE [column] NOT IN' subquery. - in master and slave server situations, specifying 'on duplicate key update' for 'insert' statements did not update slave servers. - in the mysql client, empty strings were displayed as 'NULL'. For example, running 'insert into [table-name] values (' ');' resulted in a 'NULL' entry being displayed when querying the table using 'select * from [table-name];'. - a bug in the optimizer code resulted in certain queries executing much slower than expected. - on 64-bit PowerPC architectures, MySQL did not calculate the thread stack size correctly, which could have caused MySQL to crash when overly-complex queries were used. Note: these updated packages upgrade MySQL to version 5.0.45. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html" ); # http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0805&L=scientific-linux-errata&T=0&P=2055 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7b67d151" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_cwe_id(20, 89, 189, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/27"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"mysql-5.0.45-7.el5")) flag++; if (rpm_check(release:"SL5", reference:"mysql-bench-5.0.45-7.el5")) flag++; if (rpm_check(release:"SL5", reference:"mysql-devel-5.0.45-7.el5")) flag++; if (rpm_check(release:"SL5", reference:"mysql-server-5.0.45-7.el5")) flag++; if (rpm_check(release:"SL5", reference:"mysql-test-5.0.45-7.el5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200708-10.NASL description The remote host is affected by the vulnerability described in GLSA-200708-10 (MySQL: Denial of Service and information leakage) Dormando reported a vulnerability within the handling of password packets in the connection protocol (CVE-2007-3780). Andrei Elkin also found that the last seen 2020-06-01 modified 2020-06-02 plugin id 25916 published 2007-08-21 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25916 title GLSA-200708-10 : MySQL: Denial of Service and information leakage code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200708-10. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(25916); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2007-3780", "CVE-2007-3781"); script_bugtraq_id(25017); script_xref(name:"GLSA", value:"200708-10"); script_name(english:"GLSA-200708-10 : MySQL: Denial of Service and information leakage"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200708-10 (MySQL: Denial of Service and information leakage) Dormando reported a vulnerability within the handling of password packets in the connection protocol (CVE-2007-3780). Andrei Elkin also found that the 'CREATE TABLE LIKE' command didn't require SELECT privileges on the source table (CVE-2007-3781). Impact : A remote unauthenticated attacker could use the first vulnerability to make the server crash. The second vulnerability can be used by authenticated users to obtain information on tables they are not normally able to access. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200708-10" ); script_set_attribute( attribute:"solution", value: "All MySQL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.0.44'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mysql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/21"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-db/mysql", unaffected:make_list("ge 5.0.44"), vulnerable:make_list("lt 5.0.44"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MySQL"); }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-348-01.NASL description New mysql packages are available for Slackware 11.0, 12.0, and -current to fix bugs and security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29704 published 2007-12-17 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29704 title Slackware 11.0 / 12.0 / current : mysql (SSA:2007-348-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2007-348-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(29704); script_version("1.19"); script_cvs_date("Date: 2019/10/25 13:36:21"); script_cve_id("CVE-2007-3781", "CVE-2007-5925", "CVE-2007-5969"); script_xref(name:"SSA", value:"2007-348-01"); script_name(english:"Slackware 11.0 / 12.0 / current : mysql (SSA:2007-348-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New mysql packages are available for Slackware 11.0, 12.0, and -current to fix bugs and security issues." ); # http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.0/en/news-5-0-51.html" ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5a42b251" ); script_set_attribute(attribute:"solution", value:"Update the affected mysql package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C"); script_cwe_id(20, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mysql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"11.0", pkgname:"mysql", pkgver:"5.0.51", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++; if (slackware_check(osver:"12.0", pkgname:"mysql", pkgver:"5.0.51", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++; if (slackware_check(osver:"current", pkgname:"mysql", pkgver:"5.0.51", pkgarch:"i486", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-243.NASL description A vulnerability in MySQL prior to 5.0.45 did not require priveliges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure (CVE-2007-3781). A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error (CVE-2007-5925). Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to (CVE-2007-5969). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29300 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29300 title Mandrake Linux Security Advisory : MySQL (MDKSA-2007:243) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:243. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(29300); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2007-3781", "CVE-2007-5925", "CVE-2007-5969"); script_xref(name:"MDKSA", value:"2007:243"); script_name(english:"Mandrake Linux Security Advisory : MySQL (MDKSA-2007:243)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability in MySQL prior to 5.0.45 did not require priveliges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure (CVE-2007-3781). A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error (CVE-2007-5925). Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to (CVE-2007-5969). The updated packages have been patched to correct these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C"); script_cwe_id(20, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-Max"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-ndb-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-ndb-management"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-ndb-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-ndb-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql15-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql15-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql15-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql15-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-max"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-management"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"MySQL-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"MySQL-Max-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"MySQL-bench-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"MySQL-client-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"MySQL-common-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"MySQL-ndb-extra-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"MySQL-ndb-management-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"MySQL-ndb-storage-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"MySQL-ndb-tools-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64mysql15-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64mysql15-devel-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64mysql15-static-devel-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libmysql15-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libmysql15-devel-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libmysql15-static-devel-5.0.24a-2.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"MySQL-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"MySQL-Max-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"MySQL-bench-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"MySQL-client-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"MySQL-common-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"MySQL-ndb-extra-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"MySQL-ndb-management-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"MySQL-ndb-storage-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"MySQL-ndb-tools-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64mysql15-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64mysql15-devel-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64mysql15-static-devel-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmysql15-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmysql15-devel-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmysql15-static-devel-5.0.37-2.3mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mysql-devel-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mysql-static-devel-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mysql15-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmysql-devel-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmysql-static-devel-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmysql15-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"mysql-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"mysql-bench-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"mysql-client-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"mysql-common-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"mysql-max-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-extra-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-management-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-storage-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-tools-5.0.45-7.1mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0364.NASL description Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. MySQL did not require privileges such as last seen 2020-06-01 modified 2020-06-02 plugin id 32425 published 2008-05-22 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32425 title RHEL 5 : mysql (RHSA-2008:0364) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0364. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(32425); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2006-0903", "CVE-2006-4031", "CVE-2006-4227", "CVE-2006-7232", "CVE-2007-1420", "CVE-2007-2583", "CVE-2007-2691", "CVE-2007-2692", "CVE-2007-3781", "CVE-2007-3782"); script_bugtraq_id(19279, 19559, 23911, 24011, 24016, 25017); script_xref(name:"RHSA", value:"2008:0364"); script_name(english:"RHEL 5 : mysql (RHSA-2008:0364)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. MySQL did not require privileges such as 'SELECT' for the source table in a 'CREATE TABLE LIKE' statement. An authenticated user could obtain sensitive information, such as the table structure. (CVE-2007-3781) A flaw was discovered in MySQL that allowed an authenticated user to gain update privileges for a table in another database, via a view that refers to the external table. (CVE-2007-3782) MySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691) A flaw was discovered in the mysql_change_db function when returning from SQL SECURITY INVOKER stored routines. An authenticated user could use this flaw to gain database privileges. (CVE-2007-2692) MySQL allowed an authenticated user to bypass logging mechanisms via SQL queries that contain the NULL character, which were not properly handled by the mysql_real_query function. (CVE-2006-0903) MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031) MySQL evaluated arguments in the wrong security context, which allowed an authenticated user to gain privileges through a routine that had been made available using 'GRANT EXECUTE'. (CVE-2006-4227) Multiple flaws in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583) As well, these updated packages fix the following bugs : * a separate counter was used for 'insert delayed' statements, which caused rows to be discarded. In these updated packages, 'insert delayed' statements no longer use a separate counter, which resolves this issue. * due to a bug in the Native POSIX Thread Library, in certain situations, 'flush tables' caused a deadlock on tables that had a read lock. The mysqld daemon had to be killed forcefully. Now, 'COND_refresh' has been replaced with 'COND_global_read_lock', which resolves this issue. * mysqld crashed if a query for an unsigned column type contained a negative value for a 'WHERE [column] NOT IN' subquery. * in master and slave server situations, specifying 'on duplicate key update' for 'insert' statements did not update slave servers. * in the mysql client, empty strings were displayed as 'NULL'. For example, running 'insert into [table-name] values (' ');' resulted in a 'NULL' entry being displayed when querying the table using 'select * from [table-name];'. * a bug in the optimizer code resulted in certain queries executing much slower than expected. * on 64-bit PowerPC architectures, MySQL did not calculate the thread stack size correctly, which could have caused MySQL to crash when overly-complex queries were used. Note: these updated packages upgrade MySQL to version 5.0.45. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html All mysql users are advised to upgrade to these updated packages, which resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-0903" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-4031" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-4227" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7232" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1420" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2583" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2691" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2692" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3781" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3782" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0364" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 89, 189, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/27"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0364"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"mysql-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql-bench-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql-bench-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql-bench-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"mysql-devel-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql-server-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql-server-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql-server-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mysql-test-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mysql-test-5.0.45-7.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mysql-test-5.0.45-7.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-server / mysql-test"); } }
NASL family SuSE Local Security Checks NASL id SUSE_MYSQL-4375.NASL description This update provides fixes for : - CVE-2007-3780: remote triggerable crash - CVE-2007-3781: query tables without propper authorisation - CVE-2007-3782: gain update privileges without propper authorisation last seen 2020-06-01 modified 2020-06-02 plugin id 27359 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27359 title openSUSE 10 Security Update : mysql (mysql-4375) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update mysql-4375. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27359); script_version ("1.14"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-3780", "CVE-2007-3781", "CVE-2007-3782"); script_name(english:"openSUSE 10 Security Update : mysql (mysql-4375)"); script_summary(english:"Check for the mysql-4375 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update provides fixes for : - CVE-2007-3780: remote triggerable crash - CVE-2007-3781: query tables without propper authorisation - CVE-2007-3782: gain update privileges without propper authorisation" ); script_set_attribute( attribute:"solution", value:"Update the affected mysql packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(20, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-Max"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-shared"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-shared-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2007/09/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"mysql-5.0.26-12.13") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"mysql-Max-5.0.26-12.13") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"mysql-bench-5.0.26-12.13") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"mysql-client-5.0.26-12.13") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"mysql-devel-5.0.26-12.13") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"mysql-shared-5.0.26-12.13") ) flag++; if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"mysql-shared-32bit-5.0.26-12.13") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"mysql-5.0.26-14") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"mysql-Max-5.0.26-14") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"mysql-bench-5.0.26-14") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"mysql-client-5.0.26-14") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"mysql-debug-5.0.26-14") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"mysql-devel-5.0.26-14") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"mysql-shared-5.0.26-14") ) flag++; if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"mysql-shared-32bit-5.0.26-14") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-559-1.NASL description Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. (CVE-2007-5925) It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. (CVE-2007-5969) Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. (CVE-2007-6304) It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges. (CVE-2007-3781). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29793 published 2007-12-24 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29793 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mysql-dfsg-5.0 vulnerabilities (USN-559-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-559-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(29793); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-3781", "CVE-2007-5925", "CVE-2007-5969", "CVE-2007-6304"); script_bugtraq_id(25017, 26353, 26765, 26832); script_xref(name:"USN", value:"559-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mysql-dfsg-5.0 vulnerabilities (USN-559-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. (CVE-2007-5925) It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. (CVE-2007-5969) Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. (CVE-2007-6304) It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges. (CVE-2007-3781). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/559-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15off"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"libmysqlclient15-dev", pkgver:"5.0.22-0ubuntu6.06.6")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libmysqlclient15off", pkgver:"5.0.22-0ubuntu6.06.6")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mysql-client", pkgver:"5.0.22-0ubuntu6.06.6")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mysql-client-5.0", pkgver:"5.0.22-0ubuntu6.06.6")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mysql-common", pkgver:"5.0.22-0ubuntu6.06.6")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mysql-server", pkgver:"5.0.22-0ubuntu6.06.6")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mysql-server-5.0", pkgver:"5.0.22-0ubuntu6.06.6")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libmysqlclient15-dev", pkgver:"5.0.24a-9ubuntu2.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libmysqlclient15off", pkgver:"5.0.24a-9ubuntu2.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mysql-client", pkgver:"5.0.24a-9ubuntu2.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mysql-client-5.0", pkgver:"5.0.24a-9ubuntu2.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mysql-common", pkgver:"5.0.24a-9ubuntu2.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mysql-server", pkgver:"5.0.24a-9ubuntu2.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mysql-server-5.0", pkgver:"5.0.24a-9ubuntu2.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libmysqlclient15-dev", pkgver:"5.0.38-0ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libmysqlclient15off", pkgver:"5.0.38-0ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mysql-client", pkgver:"5.0.38-0ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mysql-client-5.0", pkgver:"5.0.38-0ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mysql-common", pkgver:"5.0.38-0ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mysql-server", pkgver:"5.0.38-0ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mysql-server-4.1", pkgver:"5.0.38-0ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mysql-server-5.0", pkgver:"5.0.38-0ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libmysqlclient15-dev", pkgver:"5.0.45-1ubuntu3.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libmysqlclient15off", pkgver:"5.0.45-1ubuntu3.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"mysql-client", pkgver:"5.0.45-1ubuntu3.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"mysql-client-5.0", pkgver:"5.0.45-1ubuntu3.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"mysql-common", pkgver:"5.0.45-1ubuntu3.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"mysql-server", pkgver:"5.0.45-1ubuntu3.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"mysql-server-5.0", pkgver:"5.0.45-1ubuntu3.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysqlclient15-dev / libmysqlclient15off / mysql-client / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1451.NASL description Several local/remote vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3781 It was discovered that the privilege validation for the source table of CREATE TABLE LIKE statements was insufficiently enforced, which might lead to information disclosure. This is only exploitable by authenticated users. - CVE-2007-5969 It was discovered that symbolic links were handled insecurely during the creation of tables with DATA DIRECTORY or INDEX DIRECTORY statements, which might lead to denial of service by overwriting data. This is only exploitable by authenticated users. - CVE-2007-6304 It was discovered that queries to data in a FEDERATED table can lead to a crash of the local database server, if the remote server returns information with less columns than expected, resulting in denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 29860 published 2008-01-07 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29860 title Debian DSA-1451-1 : mysql-dfsg-5.0 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1451. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(29860); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2007-3781", "CVE-2007-5969", "CVE-2007-6304"); script_xref(name:"DSA", value:"1451"); script_name(english:"Debian DSA-1451-1 : mysql-dfsg-5.0 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local/remote vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3781 It was discovered that the privilege validation for the source table of CREATE TABLE LIKE statements was insufficiently enforced, which might lead to information disclosure. This is only exploitable by authenticated users. - CVE-2007-5969 It was discovered that symbolic links were handled insecurely during the creation of tables with DATA DIRECTORY or INDEX DIRECTORY statements, which might lead to denial of service by overwriting data. This is only exploitable by authenticated users. - CVE-2007-6304 It was discovered that queries to data in a FEDERATED table can lead to a crash of the local database server, if the remote server returns information with less columns than expected, resulting in denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3781" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-5969" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6304" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1451" ); script_set_attribute( attribute:"solution", value: "Upgrade the mysql-dfsg-5.0 packages. The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0. For the stable distribution (etch), these problems have been fixed in version 5.0.32-7etch4." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libmysqlclient15-dev", reference:"5.0.32-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"libmysqlclient15off", reference:"5.0.32-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"mysql-client", reference:"5.0.32-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"mysql-client-5.0", reference:"5.0.32-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"mysql-common", reference:"5.0.32-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"mysql-server", reference:"5.0.32-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"mysql-server-4.1", reference:"5.0.32-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"mysql-server-5.0", reference:"5.0.32-7etch4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_MYSQL-4376.NASL description This update provides fixes for : - remote triggerable crash. (CVE-2007-3780) - query tables without propper authorisation. (CVE-2007-3781) - gain update privileges without propper authorisation. (CVE-2007-3782) last seen 2020-06-01 modified 2020-06-02 plugin id 29525 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29525 title SuSE 10 Security Update : MySQL (ZYPP Patch Number 4376) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29525); script_version ("1.17"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-3780", "CVE-2007-3781", "CVE-2007-3782"); script_name(english:"SuSE 10 Security Update : MySQL (ZYPP Patch Number 4376)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update provides fixes for : - remote triggerable crash. (CVE-2007-3780) - query tables without propper authorisation. (CVE-2007-3781) - gain update privileges without propper authorisation. (CVE-2007-3782)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3780.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3781.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3782.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4376."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(20, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/09/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"mysql-5.0.26-12.13")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"mysql-client-5.0.26-12.13")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"mysql-devel-5.0.26-12.13")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"mysql-shared-5.0.26-12.13")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"mysql-shared-32bit-5.0.26-12.13")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"mysql-5.0.26-12.13")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"mysql-Max-5.0.26-12.13")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"mysql-client-5.0.26-12.13")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"mysql-devel-5.0.26-12.13")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"mysql-shared-5.0.26-12.13")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"mysql-shared-32bit-5.0.26-12.13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Databases NASL id MYSQL_5_0_45.NASL description The version of MySQL Community Server installed on the remote host is reportedly affected by a denial of service vulnerability that can lead to a server crash with a specially crafted password packet. It is also affected by a privilege escalation vulnerability because last seen 2020-06-01 modified 2020-06-02 plugin id 25759 published 2007-07-25 reporter This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25759 title MySQL Community Server 5.0 < 5.0.45 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(25759); script_version("1.22"); script_cvs_date("Date: 2018/07/16 14:09:13"); script_cve_id("CVE-2007-3780", "CVE-2007-3781", "CVE-2007-3782"); script_bugtraq_id(25017); script_name(english:"MySQL Community Server 5.0 < 5.0.45 Multiple Vulnerabilities"); script_summary(english:"Checks version of MySQL Community Server"); script_set_attribute(attribute:"synopsis", value: "The remote database server is susceptible to multiple attacks."); script_set_attribute(attribute:"description", value: "The version of MySQL Community Server installed on the remote host is reportedly affected by a denial of service vulnerability that can lead to a server crash with a specially crafted password packet. It is also affected by a privilege escalation vulnerability because 'CREATE TABLE LIKE' does not require any privileges on the source table, which allows an attacker to create arbitrary tables using the affected application."); script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-45.html"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL Community Server version 5.0.45 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 264); script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/13"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_ports("Services/mysql", 3306); script_require_keys("Settings/ParanoidReport"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("mysql_func.inc"); # nb: banner checks of open source software are prone to false- # positives so only run the check if reporting is paranoid. if (report_paranoia < 2) exit(1, "This plugin only runs if 'Report paranoia' is set to 'Paranoid'."); port = get_service(svc:"mysql", default:3306, exit_on_fail:TRUE); if (mysql_init(port:port, exit_on_fail:TRUE) == 1) { variant = mysql_get_variant(); ver = mysql_get_version(); if ("Community" >< variant && ver =~ "^5\.0\.([0-9]|[1-3][0-9]|4[0-4])($|[^0-9])") { report = '\nThe remote MySQL Community Server\'s version is :\n\n '+ver+'\n'; datadir = get_kb_item('mysql/' + port + '/datadir'); if (!empty_or_null(datadir)) { report += ' Data Dir : ' + datadir + '\n'; } databases = get_kb_item('mysql/' + port + '/databases'); if (!empty_or_null(databases)) { report += ' Databases :\n' + databases; } security_warning(port:port, extra:report); } } mysql_close();
Oval
accepted | 2013-04-29T04:18:27.646-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. | ||||||||||||
family | unix | ||||||||||||
id | oval:org.mitre.oval:def:9195 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
title | MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. | ||||||||||||
version | 18 |
Redhat
advisories |
| ||||||||
rpms |
|
Statements
contributor | Mark J Cox |
lastmodified | 2007-07-17 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
References
- http://bugs.mysql.com/bug.php?id=25578
- http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html
- http://lists.mysql.com/announce/470
- http://osvdb.org/37783
- http://secunia.com/advisories/25301
- http://secunia.com/advisories/26073
- http://secunia.com/advisories/26430
- http://secunia.com/advisories/26498
- http://secunia.com/advisories/26987
- http://secunia.com/advisories/28040
- http://secunia.com/advisories/28108
- http://secunia.com/advisories/28128
- http://secunia.com/advisories/28343
- http://secunia.com/advisories/30351
- http://security.gentoo.org/glsa/glsa-200708-10.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959
- http://www.debian.org/security/2008/dsa-1451
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:243
- http://www.redhat.com/support/errata/RHSA-2007-0894.html
- http://www.redhat.com/support/errata/RHSA-2008-0364.html
- http://www.securityfocus.com/archive/1/473874/100/0/threaded
- http://www.securityfocus.com/bid/25017
- https://issues.rpath.com/browse/RPL-1536
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195
- https://usn.ubuntu.com/559-1/