SUSE-SA:2005:019: mysql

Medium Nessus Plugin ID 17618


The remote host is missing a vendor-supplied security patch.


The remote host is missing the patch for the advisory SUSE-SA:2005:019 (mysql).

MySQL is an Open Source database server, commonly used together with web services provided by PHP scripts or similar.

This security update fixes a broken mysqlhotcopy script as well as several security-related bugs:

- CVE-2005-0709: MySQL allowed remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

- CVE-2005-0710: MySQL allowed remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.

- CVE-2005-0711: MySQL used predictable file names when creating temporary tables, which allowed local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

The first two vulnerabilities can be exploited, for instance, by an attacker using SQL injection against a flawed PHP application.


Plugin Details

Severity: Medium

ID: 17618

File Name: suse_SA_2005_019.nasl

Version: $Revision: 1.7 $

Agent: unix

Published: 2005/03/25

Modified: 2016/12/27

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2005-0709, CVE-2005-0710, CVE-2005-0711