Executive Summary

Summary
Title Updated MySQL packages fix vulnerabilities
Informations
Name MDKSA-2007:177 First vendor Publication 2007-09-06
Vendor Mandriva Last vendor Modification 2007-09-06
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability was found in MySQL's authentication protocol, making it possible for a remote unauthenticated attacker to send a specially crafted authentication request to the MySQL server causing it to crash (CVE-2007-3780).

Another flaw was discovered in MySQL that allowed remote authenticated users to gain update privileges for a table in another database via a view that refers to the external table (CVE-2007-3782).

Updated packages have been patched to prevent these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:177

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
50 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10563
 
Oval ID: oval:org.mitre.oval:def:10563
Title: MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
Description: MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3782
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11058
 
Oval ID: oval:org.mitre.oval:def:11058
Title: MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
Description: MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3780
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17461
 
Oval ID: oval:org.mitre.oval:def:17461
Title: USN-528-1 -- mysql-dfsg-5.0 vulnerabilities
Description: Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero.
Family: unix Class: patch
Reference(s): USN-528-1
CVE-2007-2583
CVE-2007-2691
CVE-2007-3780
CVE-2007-3782
 Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
 Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22310
 
Oval ID: oval:org.mitre.oval:def:22310
Title: ELSA-2008:0364: mysql security and bug fix update (Low)
Description: MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
Family: unix Class: patch
Reference(s): ELSA-2008:0364-01
CVE-2006-0903
CVE-2006-4031
CVE-2006-4227
CVE-2006-7232
CVE-2007-1420
CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3781
CVE-2007-3782
 Version: 45
Platform(s): Oracle Linux 5
 Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22681
 
Oval ID: oval:org.mitre.oval:def:22681
Title: ELSA-2007:0875: mysql security update (Important)
Description: MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
Family: unix Class: patch
Reference(s): ELSA-2007:0875-02
CVE-2007-3780
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): mysql
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

OpenVAS Exploits

Date Description
2009-04-09 Name : Mandriva Update for MySQL MDKSA-2007:177 (MySQL)
File : nvt/gb_mandriva_MDKSA_2007_177.nasl
2009-03-23 Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1
File : nvt/gb_ubuntu_USN_528_1.nasl
2009-03-06 Name : RedHat Update for mysql RHSA-2008:0364-01
File : nvt/gb_RHSA-2008_0364-01_mysql.nasl
2009-01-13 Name : FreeBSD Ports: mysql-server
File : nvt/freebsd_mysql-server18.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200708-10 (mysql)
File : nvt/glsa_200708_10.nasl
2008-01-17 Name : Debian Security Advisory DSA 1413-1 (mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1)
File : nvt/deb_1413_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
37782 MySQL Community Server External Table View Privilege Escalation
36732 MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0875.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070830_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080521_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2009-01-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_240ac24cdff311dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2008-05-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0364.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-4376.nasl - Type : ACT_GATHER_INFO
2007-11-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1413.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-528-1.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_mysql-4375.nasl - Type : ACT_GATHER_INFO
2007-09-07 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-177.nasl - Type : ACT_GATHER_INFO
2007-09-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0875.nasl - Type : ACT_GATHER_INFO
2007-09-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0875.nasl - Type : ACT_GATHER_INFO
2007-08-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200708-10.nasl - Type : ACT_GATHER_INFO
2007-07-25 Name : The remote database server is susceptible to multiple attacks.
File : mysql_5_0_45.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:38:52
  • Multiple Updates