Synopsis
The remote host is missing a vendor-supplied security patch
Description
The remote host is missing the patch for the advisory SUSE-SA:2005:019 (mysql).
MySQL is an Open Source database server, commonly used together with web services provided by PHP scripts or similar.
This security update fixes a broken mysqlhotcopy script as well as several security related bugs:
- CVE-2005-0709: MySQL allowed remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
- CVE-2005-0710: MySQL allowed remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
- CVE-2005-0711: MySQL used predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
The first two vulnerabilities can be exploited by an attacker using SQL inject attack vectors into a flawed PHP application for instance.
Solution
http://www.suse.de/security/advisories/2005_19_mysql.html
Plugin Details
File Name: suse_SA_2005_019.nasl
Agent: unix
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: Host/SuSE/rpm-list