Debian DSA-1413-1 : mysql - multiple vulnerabilities

medium Nessus Plugin ID 28336
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorized database modifications to remotely triggered server crashes. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2007-2583 The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40 allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (Affects source version 5.0.32.)

- CVE-2007-2691 MySQL does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (All supported versions affected.)

- CVE-2007-2692 The mysql_change_db function does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (Affects source version 5.0.32.)

- CVE-2007-3780 MySQL could be made to overflow a signed char during authentication. Remote attackers could use specially crafted authentication requests to cause a denial of service. (Upstream source versions 4.1.11a and 5.0.32 affected.)

- CVE-2007-3782 Phil Anderton discovered that MySQL did not properly verify access privileges when accessing external tables.
As a result, authenticated users could exploit this to obtain UPDATE privileges to external tables. (Affects source version 5.0.32.)

- CVE-2007-5925 The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. (Affects source version 5.0.32.)

Solution

Upgrade the mysql packages.

For the old stable distribution (sarge), these problems have been fixed in version 4.0.24-10sarge3 of mysql-dfsg and version 4.1.11a-4sarge8 of mysql-dfsg-4.1.

For the stable distribution (etch), these problems have been fixed in version 5.0.32-7etch3 of the mysql-dfsg-5.0 packages.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426353

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424778

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424778

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451235

https://security-tracker.debian.org/tracker/CVE-2007-2583

https://security-tracker.debian.org/tracker/CVE-2007-2691

https://security-tracker.debian.org/tracker/CVE-2007-2692

https://security-tracker.debian.org/tracker/CVE-2007-3780

https://security-tracker.debian.org/tracker/CVE-2007-3782

https://security-tracker.debian.org/tracker/CVE-2007-5925

https://www.debian.org/security/2007/dsa-1413

Plugin Details

Severity: Medium

ID: 28336

File Name: debian_DSA-1413.nasl

Version: 1.20

Type: local

Agent: unix

Published: 11/29/2007

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mysql-dfsg, p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1, p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 11/26/2007

Reference Information

CVE: CVE-2007-2583, CVE-2007-2691, CVE-2007-2692, CVE-2007-5925

DSA: 1413

CWE: 20, 189