Detections
Analytics

MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities

medium Nessus Plugin ID 29345

Language:

Synopsis

The remote database server is affected by several issues.

Description

The version of MySQL Server installed on the remote host reportedly is affected by the following issues :

 - It is possible, by creating a partitioned table using the DATA DIRECTORY and INDEX DIRECTORY options, to gain privileges on other tables having the same name as the partitioned table. (Bug #32091)

 - Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information. (Bug #32111).

 - ALTER VIEW retains the original DEFINER value, even when altered by another user, which can allow that user to gain the access rights of the view. (Bug #29908)

 - When using a FEDERATED table, the local server can be forced to crash if the remote server returns a result with fewer columns than expected. (Bug #29801)

Solution

Upgrade to MySQL Community Server version 5.1.23 / 6.0.4 or later.

See Also

https://bugs.mysql.com/bug.php?id=32091

https://bugs.mysql.com/bug.php?id=32111

https://bugs.mysql.com/bug.php?id=29908

https://bugs.mysql.com/bug.php?id=29801

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

http://www.nessus.org/u?0e513c99

Plugin Details

Severity: Medium

ID: 29345

File Name: mysql_5_1_23.nasl

Version: 1.18

Type: remote

Family: Databases

Published: 12/13/2007

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2007-5925, CVE-2007-5969, CVE-2007-5970, CVE-2007-6303, CVE-2007-6304

BID: 26765, 26832

CWE: 20, 264