Debian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities

Severity: Low (Nessus Plugin ID 22711)

Synopsis

The remote Debian host is missing a security-related update.

Description

Several local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2006-4226: Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to.

- CVE-2006-4380: Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication.

Solution

Upgrade the mysql-server-4.1 package.

For the stable distribution (sarge) these problems have been fixed in version 4.1.11a-4sarge7. Version 4.0 is not affected by these problems.

See Also

https://security-tracker.debian.org/tracker/CVE-2006-4226

https://security-tracker.debian.org/tracker/CVE-2006-4380

http://www.debian.org/security/2006/dsa-1169

Plugin Details

Severity: Low

ID: 22711

File Name: debian_DSA-1169.nasl

Version: 1.20

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 3.6

Temporal Score: 2.7

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 9/5/2006

Vulnerability Publication Date: 5/8/2005

Reference Information

CVE: CVE-2006-4226, CVE-2006-4380

BID: 19559

DSA: 1169