Executive Summary
Summary | |
---|---|
Title | mysql security update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:0894 | First vendor Publication | 2007-09-10 |
Vendor | RedHat | Last vendor Modification | 2007-09-10 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated MySQL packages for the Red Hat Application Stack comprising the v1.2 release fixed various security issues. The security issues in this errata are rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64 Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64 3. Problem description: On the 23rd August 2007, Red Hat Application Stack v1.2 was released. This release contained a new version of MySQL that corrected several security issues found in the MySQL packages of Red Hat Application Stack v1.1. Users who have already updated to Red Hat Application Stack v1.2 will already have the new MySQL packages and are not affected by these issues. A flaw was discovered in MySQL's authentication protocol. A remote unauthenticated attacker could send a specially crafted authentication request to the MySQL server causing it to crash. (CVE-2007-3780) MySQL did not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement. A remote authenticated user could obtain sensitive information such as the table structure. (CVE-2007-3781) A flaw was discovered in MySQL that allowed remote authenticated users to gain update privileges for a table in another database via a view that refers to the external table (CVE-2007-3782). A flaw was discovered in the mysql_change_db function when returning from SQL SECURITY INVOKER stored routines. A remote authenticated user could use this flaw to gain database privileges. (CVE-2007-2692) MySQL did not require the DROP privilege for RENAME TABLE statements. A remote authenticated users could use this flaw to rename arbitrary tables. (CVE-2007-2691) 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 241688 - CVE-2007-2691 DROP privilege is not enforced when renaming tables 241689 - CVE-2007-2692 SECURITY INVOKER functions do not drop privilegies 248553 - CVE-2007-3781 CVE-2007-3782 New release of MySQL fixes security bugs 254108 - CVE-2007-3780 mysql malformed password crasher |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0894.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10563 | |||
Oval ID: | oval:org.mitre.oval:def:10563 | ||
Title: | MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | ||
Description: | MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3782 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11058 | |||
Oval ID: | oval:org.mitre.oval:def:11058 | ||
Title: | MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. | ||
Description: | MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3780 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17461 | |||
Oval ID: | oval:org.mitre.oval:def:17461 | ||
Title: | USN-528-1 -- mysql-dfsg-5.0 vulnerabilities | ||
Description: | Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-528-1 CVE-2007-2583 CVE-2007-2691 CVE-2007-3780 CVE-2007-3782 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17493 | |||
Oval ID: | oval:org.mitre.oval:def:17493 | ||
Title: | USN-559-1 -- mysql-dfsg-5.0 vulnerabilities | ||
Description: | Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-559-1 CVE-2007-5925 CVE-2007-5969 CVE-2007-6304 CVE-2007-3781 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22310 | |||
Oval ID: | oval:org.mitre.oval:def:22310 | ||
Title: | ELSA-2008:0364: mysql security and bug fix update (Low) | ||
Description: | MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0364-01 CVE-2006-0903 CVE-2006-4031 CVE-2006-4227 CVE-2006-7232 CVE-2007-1420 CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3781 CVE-2007-3782 | Version: | 45 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22681 | |||
Oval ID: | oval:org.mitre.oval:def:22681 | ||
Title: | ELSA-2007:0875: mysql security update (Important) | ||
Description: | MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0875-02 CVE-2007-3780 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9166 | |||
Oval ID: | oval:org.mitre.oval:def:9166 | ||
Title: | The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. | ||
Description: | The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2692 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9195 | |||
Oval ID: | oval:org.mitre.oval:def:9195 | ||
Title: | MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. | ||
Description: | MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3781 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9559 | |||
Oval ID: | oval:org.mitre.oval:def:9559 | ||
Title: | MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | ||
Description: | MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2691 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2009-10-10 | Name : SLES9: Security update for MySQL File : nvt/sles9p5021882.nasl |
2009-04-09 | Name : Mandriva Update for MySQL MDKSA-2007:243 (MySQL) File : nvt/gb_mandriva_MDKSA_2007_243.nasl |
2009-04-09 | Name : Mandriva Update for mysql MDVSA-2008:028 (mysql) File : nvt/gb_mandriva_MDVSA_2008_028.nasl |
2009-04-09 | Name : Mandriva Update for MySQL MDKSA-2007:177 (MySQL) File : nvt/gb_mandriva_MDKSA_2007_177.nasl |
2009-04-09 | Name : Mandriva Update for MySQL MDKSA-2007:139 (MySQL) File : nvt/gb_mandriva_MDKSA_2007_139.nasl |
2009-03-23 | Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1 File : nvt/gb_ubuntu_USN_528_1.nasl |
2009-03-23 | Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-559-1 File : nvt/gb_ubuntu_USN_559_1.nasl |
2009-03-23 | Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-588-1 File : nvt/gb_ubuntu_USN_588_1.nasl |
2009-03-23 | Name : Ubuntu Update for mysql-dfsg-5.0 regression USN-588-2 File : nvt/gb_ubuntu_USN_588_2.nasl |
2009-03-06 | Name : RedHat Update for mysql RHSA-2008:0768-01 File : nvt/gb_RHSA-2008_0768-01_mysql.nasl |
2009-03-06 | Name : RedHat Update for mysql RHSA-2008:0364-01 File : nvt/gb_RHSA-2008_0364-01_mysql.nasl |
2009-01-13 | Name : FreeBSD Ports: mysql-server File : nvt/freebsd_mysql-server19.nasl |
2009-01-13 | Name : FreeBSD Ports: mysql-server File : nvt/freebsd_mysql-server18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-10 (mysql) File : nvt/glsa_200708_10.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1413-1 (mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1) File : nvt/deb_1413_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1451-1 (mysql-dfsg-5.0) File : nvt/deb_1451_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-348-01 mysql File : nvt/esoft_slk_ssa_2007_348_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37783 | MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure |
37782 | MySQL Community Server External Table View Privilege Escalation |
36732 | MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS |
34766 | MySQL RENAME TABLE Statement Arbitrary Table Name Modification |
34765 | MySQL mysql_change_db Function THD::db_access Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0875.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070830_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080724_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080521_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_0_40.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database server is affected by an access control vulnerability. File : mysql_4_1_23_5_0_42.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12044.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-028.nasl - Type : ACT_GATHER_INFO |
2009-01-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_240ac24cdff311dda7650030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-01-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_bb4e9a44dff211dda7650030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-07-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0768.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0364.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-588-2.nasl - Type : ACT_GATHER_INFO |
2008-03-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-588-1.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-4879.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote openSUSE host is missing a security update. File : suse_libmysqlclient-devel-4873.nasl - Type : ACT_GATHER_INFO |
2008-01-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1451.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-559-1.nasl - Type : ACT_GATHER_INFO |
2007-12-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-348-01.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-4376.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-243.nasl - Type : ACT_GATHER_INFO |
2007-11-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1413.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-528-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_mysql-4375.nasl - Type : ACT_GATHER_INFO |
2007-09-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-177.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0875.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0875.nasl - Type : ACT_GATHER_INFO |
2007-08-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-10.nasl - Type : ACT_GATHER_INFO |
2007-07-25 | Name : The remote database server is susceptible to multiple attacks. File : mysql_5_0_45.nasl - Type : ACT_GATHER_INFO |
2007-07-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-139.nasl - Type : ACT_GATHER_INFO |
2007-05-17 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_18.nasl - Type : ACT_GATHER_INFO |
2007-05-10 | Name : The remote database server is prone to a denial of service attack. File : mysql_select_if_dos.nasl - Type : ACT_GATHER_INFO |