SUSE-SA:2005:019: mysql

medium Nessus Plugin ID 17618

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:019 (mysql).


MySQL is an Open Source database server, commonly used together with web services provided by PHP scripts or similar.

This security update fixes a broken mysqlhotcopy script as well as several security related bugs:

- CVE-2005-0709: MySQL allowed remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

- CVE-2005-0710: MySQL allowed remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.

- CVE-2005-0711: MySQL used predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.


The first two vulnerabilities can be exploited by an attacker using SQL inject attack vectors into a flawed PHP application for instance.

Solution

http://www.suse.de/security/advisories/2005_19_mysql.html

Plugin Details

Severity: Medium

ID: 17618

File Name: suse_SA_2005_019.nasl

Version: 1.11

Agent: unix

Published: 3/25/2005

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2005-0709, CVE-2005-0710, CVE-2005-0711