MySQL Community Server 5.0 < 5.0.67 Multiple Vulnerabilities

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by several issues.

Description :

The version of MySQL Community Server 5.0 installed on the remote host
is before 5.0.66. Such versions are reportedly affected by the
following issues :

- When using a FEDERATED table, a local server could be
forced to crash if the remote server returns a result
with fewer columns than expected (Bug #29801).

- ALTER VIEW retains the original DEFINER value, even
when altered by another user, which could allow that
user to gain the access rights of the view (Bug
#29908).

- A local user can circumvent privileges through creation
of MyISAM tables using the 'DATA DIRECTORY' and 'INDEX
DIRECTORY' options to overwrite existing table files in
the application's data directory (Bug #32167).

- RENAME TABLE against a table with DATA/INDEX DIRECTORY
overwrites the file to which the symlink points (Bug
#32111).

- It was possible to force an error message of excessive
length, which could lead to a buffer overflow (Bug
#32707).

- Three vulnerabilities in yaSSL versions 1.7.5 and
earlier as used in MySQL could allow an unauthenticated
remote attacker to crash the server or to execute
arbitrary code provided yaSSL is enabled and the server
allows TCP connections (Bug #33814).

- An empty bit-string literal (b'') used in a SQL statement
could result in a server crash (Bug #35658).

See also :

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-67.html
http://lists.mysql.com/announce/542

Solution :

Upgrade to MySQL Community Server version 5.0.67.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 34159

Bugtraq ID: 26765, 27140, 29106

CVE ID: CVE-2007-5969, CVE-2008-0226, CVE-2008-0227, CVE-2008-2079, CVE-2008-3963, CVE-2008-4098