Debian DSA-707-1 : mysql - several vulnerabilities

medium Nessus Plugin ID 18042

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in MySQL, a popular database. The Common Vulnerabilities and Exposures project identifies the following problems :

- CAN-2004-0957 Sergei Golubchik discovered a problem in the access handling for similar named databases. If a user is granted privileges to a database with a name containing an underscore ('_'), the user also gains privileges to other databases with similar names.

- CAN-2005-0709

Stefano Di Paola discovered that MySQL allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls.

- CAN-2005-0710

Stefano Di Paola discovered that MySQL allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table.

- CAN-2005-0711

Stefano Di Paola discovered that MySQL uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

Solution

Upgrade the mysql packages.

For the stable distribution (woody) these problems have been fixed in version 3.23.49-8.11.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285276

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296674

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=300158

http://www.debian.org/security/2005/dsa-707

Plugin Details

Severity: Medium

ID: 18042

File Name: debian_DSA-707.nasl

Version: 1.22

Type: local

Agent: unix

Published: 4/14/2005

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mysql, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/13/2005

Vulnerability Publication Date: 5/29/2004

Reference Information

CVE: CVE-2004-0957, CVE-2005-0709, CVE-2005-0710, CVE-2005-0711

BID: 12781

DSA: 707