FreeBSD : mysql -- GRANT access restriction problem (01c231cd-4393-11d9-8bb9-00065be4b5b6)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

When a user is granted access to a database whose name contains an
underscore, and the underscore is not escaped, that user might also
be able to access other, similarly named databases on the affected
system.

The problem is that MySQL treats the underscore in a GRANT database
name as a wildcard, so an admin might accidentally GRANT a user
access to multiple databases.
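
An audit sketch for the wildcard behaviour described above, added here as an example and not part of the plugin or of MySQL. It assumes grant lines in the text form printed by SHOW GRANTS with backtick-quoted database names and case-sensitive name matching; the function names, accounts and database names are constructed for illustration.

```python
import re

# Database-level lines of SHOW GRANTS output, e.g.
#   GRANT SELECT ON `db_name`.* TO 'user'@'host'
GRANT_RE = re.compile(r"^GRANT .+ ON `([^`]+)`\.\* TO ('[^']*'@'[^']*')")

def pattern_to_regex(db_pattern):
    """Translate a GRANT database pattern: '_' matches one character,
    '%' matches any run, and a backslash makes the next character literal."""
    out, i = [], 0
    while i < len(db_pattern):
        c = db_pattern[i]
        if c == "\\" and i + 1 < len(db_pattern):
            out.append(re.escape(db_pattern[i + 1]))
            i += 2
            continue
        out.append("." if c == "_" else ".*" if c == "%" else re.escape(c))
        i += 1
    return re.compile("".join(out) + r"\Z", re.S)

def has_unescaped_wildcard(db_pattern):
    # Drop escaped pairs first; any '_' or '%' left over acts as a wildcard.
    return bool(re.search(r"[_%]", re.sub(r"\\.", "", db_pattern, flags=re.S)))

def audit(grant_lines, databases):
    """Return (grantee, pattern, other_databases_also_matched) per risky grant."""
    findings = []
    for line in grant_lines:
        m = GRANT_RE.match(line)
        if not m or not has_unescaped_wildcard(m.group(1)):
            continue
        pattern, grantee = m.groups()
        intended = re.sub(r"\\(.)", r"\1", pattern)  # the name the admin meant
        rx = pattern_to_regex(pattern)
        extra = [d for d in databases if d != intended and rx.match(d)]
        findings.append((grantee, pattern, extra))
    return findings

# Constructed sample input (not taken from a real server).
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'alice'@'localhost'",
    "GRANT ALL PRIVILEGES ON `shop_dev`.* TO 'alice'@'localhost'",
    "GRANT SELECT ON `shop\\_qa`.* TO 'bob'@'%'",
]
SAMPLE_DATABASES = ["shop_dev", "shop1dev", "shopXdev", "shop_qa", "shop1qa", "mysql"]

if __name__ == "__main__":
    for grantee, pattern, extra in audit(SAMPLE_GRANTS, SAMPLE_DATABASES):
        print(f"{grantee}: `{pattern}` also matches {extra}")
```

Grants flagged this way can be reissued with the underscore escaped (`shop\_dev`) so the pattern matches only the intended database.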

See also :

http://bugs.mysql.com/bug.php?id=3933
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.html
http://www.nessus.org/u?574cb350

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18817 (freebsd_pkg_01c231cd439311d98bb900065be4b5b6.nasl)

Bugtraq ID: 11435

CVE ID: CVE-2004-0957
