Executive Summary

Summary
Titlemysql security update
Informations
NameRHSA-2007:1157First vendor Publication2007-12-19
VendorRedHatLast vendor Modification2007-12-19
Severity (Vendor) ImportantRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:S/C:C/I:C/A:C)
Cvss Base Score7.1Attack RangeNetwork
Cvss Impact Score10Attack ComplexityHigh
Cvss Expoit Score3.9AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated mysql packages that fix several security issues are now available for Red Hat Application Stack v1 and v2.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64 Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64 Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries.

A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit "DATA" and "INDEX DIRECTORY" options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction of data or allowing the user to elevate privileges. (CVE-2007-5969)

A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. An authenticated user could create a table with spatial indexes, which are not supported by the InnoDB engine, that would cause the mysql daemon to crash when used. This issue only causes a temporary denial of service, as the mysql daemon will be automatically restarted after the crash. (CVE-2007-5925)

A flaw was found in a way MySQL handled the "DEFINER" view parameter. A user with the "ALTER VIEW" privilege for a view created by another database user, could modify that view to get access to any data accessible to the creator of said view. (CVE-2007-6303)

All mysql users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

377451 - CVE-2007-5925 mysql DoS in the InnoDB Engine 397071 - CVE-2007-5969 mysql: possible system table information overwrite using symlinks 420231 - CVE-2007-6303 mysql: DEFINER value of view not altered on ALTER VIEW

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2007-1157.html

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20366
 
Oval ID: oval:org.mitre.oval:def:20366
Title: DSA-1413-1 mysql - multiple
Description: Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorised database modifications to remotely triggered server crashes.
Family: unix Class: patch
Reference(s): DSA-1413-1
CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3780
CVE-2007-3782
CVE-2007-5925
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11390
 
Oval ID: oval:org.mitre.oval:def:11390
Title: The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Description: The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5925
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21851
 
Oval ID: oval:org.mitre.oval:def:21851
Title: ELSA-2007:1155: mysql security update (Important)
Description: MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Family: unix Class: patch
Reference(s): ELSA-2007:1155-01
CVE-2007-5969
CVE-2007-5925
Version: 13
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10509
 
Oval ID: oval:org.mitre.oval:def:10509
Title: MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Description: MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5969
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application4
Application57
Application1
Application5

OpenVAS Exploits

DateDescription
2012-03-16Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl
2010-05-12Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2009-10-10Name : SLES9: Security update for MySQL
File : nvt/sles9p5021882.nasl
2009-04-09Name : Mandriva Update for MySQL MDKSA-2007:243 (MySQL)
File : nvt/gb_mandriva_MDKSA_2007_243.nasl
2009-04-09Name : Mandriva Update for mysql MDVSA-2008:017 (mysql)
File : nvt/gb_mandriva_MDVSA_2008_017.nasl
2009-03-23Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-559-1
File : nvt/gb_ubuntu_USN_559_1.nasl
2009-03-23Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-588-1
File : nvt/gb_ubuntu_USN_588_1.nasl
2009-03-23Name : Ubuntu Update for mysql-dfsg-5.0 regression USN-588-2
File : nvt/gb_ubuntu_USN_588_2.nasl
2009-03-06Name : RedHat Update for mysql RHSA-2007:1155-01
File : nvt/gb_RHSA-2007_1155-01_mysql.nasl
2009-02-27Name : Fedora Update for mysql FEDORA-2007-4465
File : nvt/gb_fedora_2007_4465_mysql_fc8.nasl
2009-02-27Name : Fedora Update for mysql FEDORA-2007-4471
File : nvt/gb_fedora_2007_4471_mysql_fc7.nasl
2009-02-27Name : CentOS Update for mysql CESA-2007:1155 centos4 i386
File : nvt/gb_CESA-2007_1155_mysql_centos4_i386.nasl
2009-02-27Name : CentOS Update for mysql CESA-2007:1155 centos4 x86_64
File : nvt/gb_CESA-2007_1155_mysql_centos4_x86_64.nasl
2009-01-13Name : FreeBSD Ports: mysql-server
File : nvt/freebsd_mysql-server17.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200711-25 (mysql)
File : nvt/glsa_200711_25.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200804-04 (mysql)
File : nvt/glsa_200804_04.nasl
2008-01-17Name : Debian Security Advisory DSA 1413-1 (mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1)
File : nvt/deb_1413_1.nasl
2008-01-17Name : Debian Security Advisory DSA 1451-1 (mysql-dfsg-5.0)
File : nvt/deb_1451_1.nasl
0000-00-00Name : Slackware Advisory SSA:2007-348-01 mysql
File : nvt/esoft_slk_ssa_2007_348_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
51171MySQL InnoDB convert_search_mode_to_innobase Function DoS
42610MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
42608MySQL RENAME TABLE Symlink System Table Overwrite

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-1155.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071218_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-03-13Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO
2012-01-18Name : The remote database is vulnerable to a denial fo service attack.
File : mysql_5_0_54_5_1_23_6_0_4_DoS.nasl - Type : ACT_GATHER_INFO
2012-01-16Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_6_0_4.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12044.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-017.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-028.nasl - Type : ACT_GATHER_INFO
2009-01-12Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8c451386dff311dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2008-10-10Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO
2008-09-11Name : The remote database server is affected by several issues.
File : mysql_5_0_67.nasl - Type : ACT_GATHER_INFO
2008-04-11Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-04.nasl - Type : ACT_GATHER_INFO
2008-04-04Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-588-2.nasl - Type : ACT_GATHER_INFO
2008-03-21Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-588-1.nasl - Type : ACT_GATHER_INFO
2008-02-05Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-4879.nasl - Type : ACT_GATHER_INFO
2008-02-05Name : The remote openSUSE host is missing a security update.
File : suse_libmysqlclient-devel-4873.nasl - Type : ACT_GATHER_INFO
2008-01-07Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1451.nasl - Type : ACT_GATHER_INFO
2007-12-24Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-559-1.nasl - Type : ACT_GATHER_INFO
2007-12-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1155.nasl - Type : ACT_GATHER_INFO
2007-12-19Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-1155.nasl - Type : ACT_GATHER_INFO
2007-12-17Name : The remote Fedora host is missing a security update.
File : fedora_2007-4465.nasl - Type : ACT_GATHER_INFO
2007-12-17Name : The remote Fedora host is missing a security update.
File : fedora_2007-4471.nasl - Type : ACT_GATHER_INFO
2007-12-17Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-348-01.nasl - Type : ACT_GATHER_INFO
2007-12-13Name : The remote database server is affected by several issues.
File : mysql_5_1_23.nasl - Type : ACT_GATHER_INFO
2007-12-13Name : The remote database server is affected by several issues.
File : mysql_enterprise_5_0_52.nasl - Type : ACT_GATHER_INFO
2007-12-11Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-243.nasl - Type : ACT_GATHER_INFO
2007-12-10Name : The remote database server is susceptible to a local symlink attack.
File : mysql_5_0_51.nasl - Type : ACT_GATHER_INFO
2007-11-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1413.nasl - Type : ACT_GATHER_INFO
2007-11-20Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200711-25.nasl - Type : ACT_GATHER_INFO