MySQL Community Server 5.0 < 5.0.51 RENAME TABLE Symlink System Table Overwrite

high Nessus Plugin ID 29251

Synopsis

The remote database server is susceptible to a local symlink attack.

Description

The version of MySQL Community Server installed on the remote host reportedly fails to check whether a file to which a symlink points exists when using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options. A local attacker may be able to leverage this issue to overwrite system table information by replacing the file to which the symlink points.

Solution

Upgrade to MySQL Community Server version 5.0.51 or later.

See Also

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-51.html

https://forums.mysql.com/read.php?3,186931,186931

Plugin Details

Severity: High

ID: 29251

File Name: mysql_5_0_51.nasl

Version: 1.18

Type: remote

Family: Databases

Published: 12/10/2007

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2007-5969

BID: 26765

CWE: 264