|
|
Family: Ubuntu Local Security Checks --> Category: infos
USN96-1 : mysql-dfsg vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
mysql-dfsg vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libmysqlclient-dev
- libmysqlclient12
- mysql-client
- mysql-common
- mysql-server
Description :
Stefano Di Paola discovered three privilege escalation flaws in the MySQL
server:
- If an authenticated user had INSERT rights on the 'mysql' administrative
database, the CREATE FUNCTION command allowed that user to use libc functions
to execute arbitrary code with the rights of the database server (user
'mysql'). (CVE-2005-0709)
- If an authenticated user had INSERT rights on the 'mysql' administrative
database, it was possible to load a library located in an arbitrary directory
by using INSERT INTO mysql.func instead of CREATE FUNCTION. This allowed the
user to execute arbitrary code with the rights of the database server (user
'mysql'). (CVE-2005-0710)
- Temporary files belonging to tables created with CREATE TEMPORARY TABLE were
handled in an insecure way. This allowed any local computer user to overwrite
arbitrary files with the rights of the database server. (CVE-2005-0711)
Matt Brubeck discovered that the directory /usr/share/mysql/ was owned and
writ
[...]
Solution :
Upgrade to :
- libmysqlclient-dev-4.0.20-2ubuntu1.4 (Ubuntu 4.10)
- libmysqlclient12-4.0.20-2ubuntu1.4 (Ubuntu 4.10)
- mysql-client-4.0.20-2ubuntu1.4 (Ubuntu 4.10)
- mysql-common-4.0.20-2ubuntu1.4 (Ubuntu 4.10)
- mysql-server-4.0.20-2ubuntu1.4 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
