Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2005:060: MySQL Vulnerability Scan


Vulnerability Scan Summary
Check for the version of the MySQL package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2005:060 (MySQL).



A number of vulnerabilities were discovered by Stefano Di Paola in the MySQL
server:

If an authenticated user had INSERT rights on the 'mysql' database, the
CREATE FUNCTION command allowed that user to use libc functions to execute
arbitrary code with the rights of the user running the database server
(mysql) (CVE-2005-0709).

If an authenticated user had INSERT rights on the 'mysql' database, it was
possible to load a library located in an arbitrary directory by using INSERT
INTO mysql.func instead of CREATE FUNCTION. This also would allow the user to
execute arbitrary code with the rights of the user running the database
server (CVE-2005-0710).

Finally, temporary files belonging to tables created with CREATE TEMPORARY
TABLE were handled in an insecure manner, allowing any local user to overwrite
arbitrary files with the rights of the database server (CVE-2005-0711).

The updated packages have been patched to correct these issues.



Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:060
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.