FreeBSD : mysql -- privilege escalation and overwrite of the system table information (8c451386-dff3-11dd-a765-0030843d3802)

High Nessus Plugin ID 35339


The remote FreeBSD host is missing one or more security-related updates.


MySQL reports :

Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 35339

File Name: freebsd_pkg_8c451386dff311dda7650030843d3802.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2009/01/12

Modified: 2016/05/09

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mysql-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/01/11

Vulnerability Publication Date: 2007/11/14

Reference Information

CVE: CVE-2007-5969

BID: 26765

CWE: 264