FreeBSD : mysql -- MyISAM table privileges security bypass vulnerability (388d9ee4-7f22-11dd-a66a-0019666436c2)

medium Nessus Plugin ID 34151

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

SecurityFocus reports :

MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to overwrite existing table files in the MySQL data directory, bypassing certain security restrictions.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?5979460b

Plugin Details

Severity: Medium

ID: 34151

File Name: freebsd_pkg_388d9ee47f2211dda66a0019666436c2.nasl

Version: 1.17

Type: local

Published: 9/10/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mysql-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 9/10/2008

Vulnerability Publication Date: 5/5/2008

Reference Information

CVE: CVE-2008-2079

BID: 29106

CWE: 264