MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities

medium Nessus Plugin ID 29345

Synopsis

The remote database server is affected by several issues.

Description

The version of MySQL Server installed on the remote host reportedly is affected by the following issues :

- It is possible, by creating a partitioned table using the DATA DIRECTORY and INDEX DIRECTORY options, to gain privileges on other tables having the same name as the partitioned table. (Bug #32091)

- Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information. (Bug #32111).

- ALTER VIEW retains the original DEFINER value, even when altered by another user, which can allow that user to gain the access rights of the view. (Bug #29908)

- When using a FEDERATED table, the local server can be forced to crash if the remote server returns a result with fewer columns than expected. (Bug #29801)

Solution

Upgrade to MySQL Community Server version 5.1.23 / 6.0.4 or later.

See Also

https://bugs.mysql.com/bug.php?id=32091

https://bugs.mysql.com/bug.php?id=32111

https://bugs.mysql.com/bug.php?id=29908

https://bugs.mysql.com/bug.php?id=29801

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

http://www.nessus.org/u?0e513c99

Plugin Details

Severity: Medium

ID: 29345

File Name: mysql_5_1_23.nasl

Version: 1.18

Type: remote

Family: Databases

Published: 12/13/2007

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2007-5925, CVE-2007-5969, CVE-2007-5970, CVE-2007-6303, CVE-2007-6304

BID: 26765, 26832

CWE: 20, 264