Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql)

Medium Nessus Plugin ID 80705


The remote Solaris system is missing a security patch for third-party software.


The remote Solaris system is missing necessary patches to address security updates:

- MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. (CVE-2008-4098)

- sql/ in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. (CVE-2008-7247)

- MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. (CVE-2010-1626)

- MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allow remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. (CVE-2013-1861)


Upgrade to Solaris

Plugin Details

Severity: Medium

ID: 80705

File Name: solaris11_mysql_20130924.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2015/01/19

Modified: 2015/01/19

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.1, p-cpe:/a:oracle:solaris:mysql

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Patch Publication Date: 2013/09/24

Reference Information

CVE: CVE-2008-4098, CVE-2008-7247, CVE-2010-1626, CVE-2013-1861

CWE: 59