FreeBSD : mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (738f8f9e-d661-11dd-a765-0030843d3802)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

MySQL Team reports :

Additional corrections were made for the symlink-related privilege
problem originally addressed. The original fix did not correctly
handle the data directory pathname if it contained symlinked
directories in its path, and the check was made only at table-creation
time, not at table-opening time later.

See also :

http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html
http://www.nessus.org/u?c894b9a0
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html
http://www.nessus.org/u?f44a6ea1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://www.nessus.org/u?38d157d3

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35279 (freebsd_pkg_738f8f9ed66111dda7650030843d3802.nasl)

Bugtraq ID:

CVE ID: CVE-2008-2079
CVE-2008-4097
CVE-2008-4098

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now