CentOS 3 : mysql-server (CESA-2005:348)

medium Nessus Plugin ID 21926

Synopsis

The remote CentOS host is missing one or more security updates.

Description

Updated mysql-server packages that fix several vulnerabilities are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes several security risks in the MySQL server.

Stefano Di Paola discovered two bugs in the way MySQL handles user-defined functions. A user with the ability to create and execute a user defined function could potentially execute arbitrary code on the MySQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-0709 and CVE-2005-0710 to these issues.

Stefano Di Paola also discovered a bug in the way MySQL creates temporary tables. A local user could create a specially crafted symlink which could result in the MySQL server overwriting a file which it has write access to. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0711 to this issue.

All users of the MySQL server are advised to upgrade to these updated packages, which contain fixes for these issues.

Solution

Update the affected mysql-server packages.

See Also

http://www.nessus.org/u?96375831

http://www.nessus.org/u?85e7fe6b

http://www.nessus.org/u?992d5b7b

Plugin Details

Severity: Medium

ID: 21926

File Name: centos_RHSA-2005-348.nasl

Version: 1.21

Type: local

Agent: unix

Published: 7/5/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:centos:centos:mysql, p-cpe:/a:centos:centos:mysql-bench, p-cpe:/a:centos:centos:mysql-devel, p-cpe:/a:centos:centos:mysql-server, cpe:/o:centos:centos:3

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Patch Publication Date: 4/5/2005

Vulnerability Publication Date: 5/2/2005

Reference Information

CVE: CVE-2005-0709, CVE-2005-0710, CVE-2005-0711

RHSA: 2005:348