RHEL 3 : mysql-server (RHSA-2005:348)

medium Nessus Plugin ID 17981

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated mysql-server packages that fix several vulnerabilities are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes several security risks in the MySQL server.

Stefano Di Paola discovered two bugs in the way MySQL handles user-defined functions. A user with the ability to create and execute a user defined function could potentially execute arbitrary code on the MySQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-0709 and CVE-2005-0710 to these issues.

Stefano Di Paola also discovered a bug in the way MySQL creates temporary tables. A local user could create a specially crafted symlink which could result in the MySQL server overwriting a file which it has write access to. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0711 to this issue.

All users of the MySQL server are advised to upgrade to these updated packages, which contain fixes for these issues.

Solution

Update the affected mysql-server package.

See Also

https://www.redhat.com/security/data/cve/CVE-2005-0709.html

https://www.redhat.com/security/data/cve/CVE-2005-0710.html

https://www.redhat.com/security/data/cve/CVE-2005-0711.html

http://rhn.redhat.com/errata/RHSA-2005-348.html

Plugin Details

Severity: Medium

ID: 17981

File Name: redhat-RHSA-2005-348.nasl

Version: 1.14

Type: local

Agent: unix

Published: 4/6/2005

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mysql-server, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 4/5/2005

Vulnerability Publication Date: 3/11/2005

Reference Information

CVE: CVE-2005-0709, CVE-2005-0710, CVE-2005-0711

RHSA: 2005:348