Medium Nessus Plugin ID 17618
Synopsis
The remote host is missing a vendor-supplied security patch.
Description
The remote host is missing the patch for the advisory SUSE-SA:2005:019 (mysql).
MySQL is an Open Source database server, commonly used together with web services provided by PHP scripts or similar.
This security update fixes a broken mysqlhotcopy script as well as several security-related bugs:
- CVE-2005-0709: MySQL allowed remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
- CVE-2005-0710: MySQL allowed remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
- CVE-2005-0711: MySQL used predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
The first two vulnerabilities can be exploited, for instance, by an attacker using SQL injection against a flawed PHP application.