Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mysql-dfsg-5.0 vulnerabilities (USN-559-1)

Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in
MySQL did not properly perform input validation. An authenticated user
could use a crafted CONTAINS statement to cause a denial of service.
(CVE-2007-5925)

It was discovered that under certain conditions MySQL could be made to
overwrite system table information. An authenticated user could use a
crafted RENAME statement to escalate privileges. (CVE-2007-5969)

Philip Stoev discovered that the the federated engine of MySQL did not
properly handle responses with a small number of columns. An
authenticated user could use a crafted response to a SHOW TABLE STATUS
query and cause a denial of service. (CVE-2007-6304)

It was discovered that MySQL did not properly enforce access controls.
An authenticated user could use a crafted CREATE TABLE LIKE statement
to escalate privileges. (CVE-2007-3781).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 29793 ()

Bugtraq ID: 26353

CVE ID: CVE-2007-3781
CVE-2007-5925
CVE-2007-5969
CVE-2007-6304