Executive Summary

Summary
Title: MySQL vulnerability

Information
Name: USN-109-1
First vendor Publication: 2005-04-06
Vendor: Ubuntu
Last vendor Modification: 2005-04-06
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Exploit Score 8.6 Authentication None Required

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

mysql-server

The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.5. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-32-1 fixed a database privilege escalation vulnerability; original advisory text:

"If a user was granted privileges to a database with a name
containing an underscore ("_"), the user also gained the ability to
grant privileges to other databases with similar names.
(CAN-2004-0957)"

Recently a corner case was discovered where this vulnerability can still be exploited, so another update is necessary.

Original Source

Url : http://www.ubuntu.com/usn/USN-109-1

CPE : Common Platform Enumeration

Type Description Count
Application 3
Application 80
Os 3
Os 1
Os 7
Os 3
Os 2

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for MySQL
File : nvt/sles9p5015996.nasl
2009-10-10 Name : SLES9: Security update for MySQL
File : nvt/sles9p5020865.nasl
2008-09-04 Name : FreeBSD Ports: mysql-server
File : nvt/freebsd_mysql-server0.nasl
2008-01-17 Name : Debian Security Advisory DSA 707-1 (mysql)
File : nvt/deb_707_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
10959 MySQL GRANT ALL ON Privilege Escalation

MySQL contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when that user is given GRANT privileges on a database whose name contains an underscore, i.e. database_name. The underscore is treated as a wildcard; continuing the example, the user would then have GRANT privileges on database1name, databaseZname, etc. This flaw may lead to a loss of confidentiality and/or integrity.

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft MSN Messenger png overflow
RuleID : 3130-community - Revision : 8 - Type : PUA-OTHER
2014-01-10 Microsoft MSN Messenger png overflow
RuleID : 3130 - Revision : 8 - Type : PUA-OTHER

Nessus® Vulnerability Scanner

Date Description
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-109-1.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-32-1.nasl - Type : ACT_GATHER_INFO
2005-07-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_01c231cd439311d98bb900065be4b5b6.nasl - Type : ACT_GATHER_INFO
2005-04-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-707.nasl - Type : ACT_GATHER_INFO
2005-04-13 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-070.nasl - Type : ACT_GATHER_INFO
2004-12-09 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-530.nasl - Type : ACT_GATHER_INFO
2004-11-04 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2004-611.nasl - Type : ACT_GATHER_INFO
2004-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-569.nasl - Type : ACT_GATHER_INFO
2004-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-597.nasl - Type : ACT_GATHER_INFO
2004-10-17 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_multiple_flaws3.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:58:24
  • Multiple Updates
2013-05-11 12:24:58
  • Multiple Updates