FreeBSD : mysql -- erroneous access restrictions applied to table renames (035d17b2-484a-11d9-813c-00065be4b5b6)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Red Hat advisory reports :

Oleksandr Byelkin discovered that 'ALTER TABLE ... RENAME' checked the
CREATE/INSERT rights of the old table instead of the new one.

Table access restrictions, on the affected MySQL servers, may
accidentally or intentionally be bypassed due to this bug.

See also :

http://bugs.mysql.com/bug.php?id=3270
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://xforce.iss.net/xforce/xfdb/17666
http://www.nessus.org/u?8e780186

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18823 (freebsd_pkg_035d17b2484a11d9813c00065be4b5b6.nasl)

Bugtraq ID: 11357

CVE ID: CVE-2004-0835

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now