Oracle MySQL < 5.0.51 RENAME TABLE Symlink System Table Overwrite

High Nessus Network Monitor Plugin ID 4309

Synopsis

The remote database server is susceptible to a local symlink attack.

Description

The version of MySQL installed on the remote host reportedly fails to check whether a file to which a symlink points exists when using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options. A local attacker may be able to leverage this issue to overwrite system table information by replacing the file to which the symlink points.

Solution

Upgrade to version 5.0.51 or higher.

See Also

http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html

http://forums.mysql.com/read.php?3,186931,186931

http://bugs.mysql.com/bug.php?id=32111

Plugin Details

Severity: High

ID: 4309

Family: Database

Published: 2007/12/05

Modified: 2016/01/22

Dependencies: 8914

Nessus ID: 29251

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.1

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.5

Temporal Score: 7

Vector: CVSS3#AV:N/AC:H/PR:S/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Reference Information

CVE: CVE-2007-5969

BID: 26765, 31681