Detections
Analytics
FreeBSD : mysql-server -- multiple remote vulnerabilities (619ef337-949a-11d9-b813-00d05964249f)
medium Nessus Plugin ID 18956
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
SecurityFocus reports :MySQL is reported prone to an insecure temporary file creation vulnerability.
Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process.
MySQL is reported prone to an input validation vulnerability that can be exploited by remote users that have INSERT and DELETE privileges on the 'mysql' administrative database.
Reports indicate that this issue may be leveraged to load an execute a malicious library in the context of the MySQL process.
Finally, MySQL is reported prone to a remote arbitrary code execution vulnerability. It is reported that the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions in order to control sensitive data structures.
This issue may be exploited to execute arbitrary code in the context of the database process.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 18956
File Name: freebsd_pkg_619ef337949a11d9b81300d05964249f.nasl
Version: 1.17
Type: local
Family: FreeBSD Local Security Checks
Published: 7/13/2005
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.8
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:mysql-server, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/14/2005
Vulnerability Publication Date: 3/11/2005
Reference Information
CVE: CVE-2005-0709, CVE-2005-0710, CVE-2005-0711
BID: 12781