GLSA-200503-19 : MySQL: Multiple vulnerabilities

Medium Nessus Plugin ID 17344


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200503-19 (MySQL: Multiple vulnerabilities)

MySQL fails to properly validate input for authenticated users with INSERT and DELETE privileges (CAN-2005-0709 and CAN-2005-0710).
Furthermore MySQL uses predictable filenames when creating temporary files with CREATE TEMPORARY TABLE (CAN-2005-0711).
Impact :

An attacker with INSERT and DELETE privileges could exploit this to manipulate the mysql table or accessing libc calls, potentially leading to the execution of arbitrary code with the permissions of the user running MySQL. An attacker with CREATE TEMPORARY TABLE privileges could exploit this to overwrite arbitrary files via a symlink attack.
Workaround :

There is no known workaround at this time.


All MySQL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/mysql-4.0.24'

See Also

Plugin Details

Severity: Medium

ID: 17344

File Name: gentoo_GLSA-200503-19.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2005/03/17

Modified: 2015/04/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:mysql, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2005/03/16

Vulnerability Publication Date: 2005/03/11

Reference Information

CVE: CVE-2005-0709, CVE-2005-0710, CVE-2005-0711

OSVDB: 14676, 14677, 14678

GLSA: 200503-19