ports/130025: [vuxml] databases/mysql41-server: document CVE-2007-2691, CVE-2007-3780 and CVE-2007-5969
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Mon Dec 29 16:20:02 UTC 2008
>Number: 130025
>Category: ports
>Synopsis: [vuxml] databases/mysql41-server: document CVE-2007-2691, CVE-2007-3780 and CVE-2007-5969
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 29 16:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-PRERELEASE amd64
>Organization:
Code Labs
>Environment:
System: FreeBSD 7.1-PRERELEASE amd64
>Description:
Document multiple issues that are still real for
databases/mysql41-server, since it stays (almost) at 4.1.22. Vulnerable
versions of FreeBSD ports for 5.0, 5.1 and 6.0 are at least 1.5 years
old, so I am mentioning them mostly for completeness.
>How-To-Repeat:
See
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
and references therein, especially MySQL bug entries.
>Fix:
The following VuXML entries should be evaluated and added:
--- vuln.xml begins here ---
<vuln vid="58d1e7da-d5b9-11dd-b0cc-001fc66e7203">
  <topic>mysql -- renaming of arbitrary tables by authenticated users</topic>
  <affects>
    <package>
      <name>mysql-server</name>
      <range><ge>4.1</ge><lt>4.1.23</lt></range>
      <range><ge>5.0</ge><lt>5.0.42</lt></range>
      <range><ge>5.1</ge><lt>5.1.18</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>MySQL developers report:</p>
      <blockquote
        cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-23.html">
        <p>The requirement of the DROP privilege for RENAME TABLE was
        not enforced.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2007-2691</cvename>
    <bid>24016</bid>
    <url>http://bugs.mysql.com/bug.php?id=27515</url>
  </references>
  <dates>
    <discovery>15-05-2007</discovery>
    <entry>TODAY</entry>
  </dates>
</vuln>
--- vuln.xml ends here ---
--- vuln.xml begins here ---
<vuln vid="c8d17c48-d5b7-11dd-b0cc-001fc66e7203">
  <topic>mysql -- remote Denial of Service via malformed password packet</topic>
  <affects>
    <package>
      <name>mysql-server</name>
      <range><ge>4.1</ge><lt>4.1.24</lt></range>
      <range><ge>5.0</ge><lt>5.0.44</lt></range>
      <range><ge>5.1</ge><lt>5.1.20</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>MySQL developers report:</p>
      <blockquote
        cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html">
        <p>A malformed password packet in the connection protocol
        could cause the server to crash.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2007-3780</cvename>
    <bid>25017</bid>
    <url>http://bugs.mysql.com/bug.php?id=28984</url>
  </references>
  <dates>
    <discovery>15-07-2007</discovery>
    <entry>TODAY</entry>
  </dates>
</vuln>
--- vuln.xml ends here ---
--- vuln.xml begins here ---
<vuln vid="06f88a78-d5bf-11dd-b0cc-001fc66e7203">
  <topic>mysql -- privilege escalation and overwrite of the system table information</topic>
  <affects>
    <package>
      <name>mysql-server</name>
      <range><ge>4.1</ge><lt>4.1.24</lt></range>
      <range><ge>5.0</ge><lt>5.0.51</lt></range>
      <range><ge>5.1</ge><lt>5.1.23</lt></range>
      <range><ge>6.0</ge><lt>6.0.4</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>MySQL developers report:</p>
      <blockquote
        cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html">
        <p>Using RENAME TABLE against a table with explicit DATA
        DIRECTORY and INDEX DIRECTORY options can be used to overwrite
        system table information by replacing the symbolic link
        points. the file to which the symlink points.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2007-5969</cvename>
    <bid>26765</bid>
    <url>http://bugs.mysql.com/bug.php?id=32111</url>
  </references>
  <dates>
    <discovery>14-11-2007</discovery>
    <entry>TODAY</entry>
  </dates>
</vuln>
--- vuln.xml ends here ---
I would collapse them all into a single entry, but versions of affected
products are different for each entry, so it is not possible without
cheating and cheating is bad ;)
All these should be gone when ports/130023 or its variation is
committed into the FreeBSD ports tree.
>Release-Note:
>Audit-Trail:
>Unformatted:
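Added example, not part of the original report: a small checker that evaluates the `<affects>` ranges of the three proposed entries against a given mysql-server version, showing why the differing ranges keep them as separate entries. The function names are hypothetical, and versions are assumed to be plain dotted numbers (real VuXML matching uses the full pkg version rules with port revision and epoch).

```python
import operator
import xml.etree.ElementTree as ET

# <package> blocks copied from the three proposed entries, keyed by CVE name.
AFFECTS = {
    "CVE-2007-2691": "<package><name>mysql-server</name>"
                     "<range><ge>4.1</ge><lt>4.1.23</lt></range>"
                     "<range><ge>5.0</ge><lt>5.0.42</lt></range>"
                     "<range><ge>5.1</ge><lt>5.1.18</lt></range></package>",
    "CVE-2007-3780": "<package><name>mysql-server</name>"
                     "<range><ge>4.1</ge><lt>4.1.24</lt></range>"
                     "<range><ge>5.0</ge><lt>5.0.44</lt></range>"
                     "<range><ge>5.1</ge><lt>5.1.20</lt></range></package>",
    "CVE-2007-5969": "<package><name>mysql-server</name>"
                     "<range><ge>4.1</ge><lt>4.1.24</lt></range>"
                     "<range><ge>5.0</ge><lt>5.0.51</lt></range>"
                     "<range><ge>5.1</ge><lt>5.1.23</lt></range>"
                     "<range><ge>6.0</ge><lt>6.0.4</lt></range></package>",
}

# VuXML range bound tags mapped to comparison operators.
OPS = {"lt": operator.lt, "le": operator.le, "eq": operator.eq,
       "ge": operator.ge, "gt": operator.gt}


def vkey(version):
    """Assumption: dotted numeric version only; pad so 5.0 == 5.0.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def in_range(version, range_el):
    """A <range> matches when every bound inside it holds."""
    v = vkey(version)
    return all(OPS[b.tag](v, vkey(b.text)) for b in range_el)


def matching_entries(name, version):
    """Return the CVE names whose <affects> block covers name/version."""
    hits = []
    for cve, xml in AFFECTS.items():
        pkg = ET.fromstring(xml)
        if pkg.findtext("name") == name and any(
                in_range(version, r) for r in pkg.iter("range")):
            hits.append(cve)
    return hits


if __name__ == "__main__":
    for ver in ("4.1.22", "4.1.23", "5.0.45", "5.1.23"):
        print(ver, matching_entries("mysql-server", ver))
```
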