Executive Summary

Summary
Title mysql security update
Informations
Name RHSA-2007:1155 First vendor Publication 2007-12-18
Vendor RedHat Last vendor Modification 2007-12-18
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:S/C:C/I:C/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 10 Attack Complexity High
Cvss Expoit Score 3.9 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries.

A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit "DATA" and "INDEX DIRECTORY" options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction of data or allowing the user to elevate privileges. (CVE-2007-5969)

A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. An authenticated user could create a table with spatial indexes, which are not supported by the InnoDB engine, that would cause the mysql daemon to crash when used. This issue only causes a temporary denial of service, as the mysql daemon will be automatically restarted after the crash. (CVE-2007-5925)

All mysql users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

377451 - CVE-2007-5925 mysql DoS in the InnoDB Engine 397071 - CVE-2007-5969 mysql: possible system table information overwrite using symlinks

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2007-1155.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
50 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10509
 
Oval ID: oval:org.mitre.oval:def:10509
Title: MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Description: MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5969
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11390
 
Oval ID: oval:org.mitre.oval:def:11390
Title: The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Description: The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5925
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20366
 
Oval ID: oval:org.mitre.oval:def:20366
Title: DSA-1413-1 mysql - multiple
Description: Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorised database modifications to remotely triggered server crashes.
Family: unix Class: patch
Reference(s): DSA-1413-1
CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3780
CVE-2007-3782
CVE-2007-5925
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21851
 
Oval ID: oval:org.mitre.oval:def:21851
Title: ELSA-2007:1155: mysql security update (Important)
Description: MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Family: unix Class: patch
Reference(s): ELSA-2007:1155-01
CVE-2007-5969
CVE-2007-5925
Version: 13
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 9
Application 1
Application 5
Application 301

OpenVAS Exploits

Date Description
2012-03-16 Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl
2010-05-12 Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2009-10-10 Name : SLES9: Security update for MySQL
File : nvt/sles9p5021882.nasl
2009-04-09 Name : Mandriva Update for MySQL MDKSA-2007:243 (MySQL)
File : nvt/gb_mandriva_MDKSA_2007_243.nasl
2009-03-23 Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-559-1
File : nvt/gb_ubuntu_USN_559_1.nasl
2009-03-06 Name : RedHat Update for mysql RHSA-2007:1155-01
File : nvt/gb_RHSA-2007_1155-01_mysql.nasl
2009-02-27 Name : CentOS Update for mysql CESA-2007:1155 centos4 i386
File : nvt/gb_CESA-2007_1155_mysql_centos4_i386.nasl
2009-02-27 Name : CentOS Update for mysql CESA-2007:1155 centos4 x86_64
File : nvt/gb_CESA-2007_1155_mysql_centos4_x86_64.nasl
2009-02-27 Name : Fedora Update for mysql FEDORA-2007-4465
File : nvt/gb_fedora_2007_4465_mysql_fc8.nasl
2009-02-27 Name : Fedora Update for mysql FEDORA-2007-4471
File : nvt/gb_fedora_2007_4471_mysql_fc7.nasl
2009-01-13 Name : FreeBSD Ports: mysql-server
File : nvt/freebsd_mysql-server17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200711-25 (mysql)
File : nvt/glsa_200711_25.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-04 (mysql)
File : nvt/glsa_200804_04.nasl
2008-01-17 Name : Debian Security Advisory DSA 1413-1 (mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1)
File : nvt/deb_1413_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1451-1 (mysql-dfsg-5.0)
File : nvt/deb_1451_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2007-348-01 mysql
File : nvt/esoft_slk_ssa_2007_348_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
51171 MySQL InnoDB convert_search_mode_to_innobase Function DoS

42608 MySQL RENAME TABLE Symlink System Table Overwrite

Nessus® Vulnerability Scanner

Date Description
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL8178.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-1155.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071218_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-03-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO
2012-01-18 Name : The remote database is vulnerable to a denial fo service attack.
File : mysql_5_0_54_5_1_23_6_0_4_DoS.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12044.nasl - Type : ACT_GATHER_INFO
2009-01-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8c451386dff311dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2008-10-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO
2008-09-11 Name : The remote database server is affected by several issues.
File : mysql_5_0_67.nasl - Type : ACT_GATHER_INFO
2008-04-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-04.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-4879.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote openSUSE host is missing a security update.
File : suse_libmysqlclient-devel-4873.nasl - Type : ACT_GATHER_INFO
2008-01-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1451.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-559-1.nasl - Type : ACT_GATHER_INFO
2007-12-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-1155.nasl - Type : ACT_GATHER_INFO
2007-12-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1155.nasl - Type : ACT_GATHER_INFO
2007-12-17 Name : The remote Fedora host is missing a security update.
File : fedora_2007-4465.nasl - Type : ACT_GATHER_INFO
2007-12-17 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-348-01.nasl - Type : ACT_GATHER_INFO
2007-12-17 Name : The remote Fedora host is missing a security update.
File : fedora_2007-4471.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote database server is affected by several issues.
File : mysql_enterprise_5_0_52.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote database server is affected by several issues.
File : mysql_5_1_23.nasl - Type : ACT_GATHER_INFO
2007-12-11 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-243.nasl - Type : ACT_GATHER_INFO
2007-12-10 Name : The remote database server is susceptible to a local symlink attack.
File : mysql_5_0_51.nasl - Type : ACT_GATHER_INFO
2007-11-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1413.nasl - Type : ACT_GATHER_INFO
2007-11-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200711-25.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:51:18
  • Multiple Updates