misc/104890: security/vuxml: Two MySQL vulnerability entries
Henrik Brix Andersen
henrik at brixandersen.dk
Sat Oct 28 23:30:14 UTC 2006
>Number: 104890
>Category: misc
>Synopsis: security/vuxml: Two MySQL vulnerability entries
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Oct 28 23:30:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Henrik Brix Andersen
>Release: FreeBSD 6.2-PRERELEASE i386
>Organization:
pil.dk
>Environment:
System: FreeBSD fangorn.brixandersen.dk 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #21: Sat Oct 21 12:22:03 CEST 2006 root at fangorn.brixandersen.dk:/usr/obj/usr/src/sys/FANGORN i386
>Description:
Two recent MySQL server vulnerabilities (CVE-2006-4227 and
CVE-2006-4226) are yet to be documented in VuXML.
>How-To-Repeat:
>Fix:
The patch below documents these CVEs in vuln.xml.
--- vuln.xml.diff begins here ---
--- vuln.xml.orig Fri Oct 27 21:37:38 2006
+++ vuln.xml Sun Oct 29 01:21:57 2006
@@ -34,6 +34,64 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="a9c51caf-6603-11db-ab90-000e35fd8194">
+ <topic>mysql -- remote privilege escalation</topic>
+ <affects>
+ <package>
+ <name>mysql-server</name>
+ <range><ge>5.1</ge><lt>5.1.12</lt></range>
+ <range><ge>5.0</ge><lt>5.0.25</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Dmitri Lenev reports reports a remote privilege escalation in
+ MySQL. MySQL evaluates arguments of suid routines in the security
+ context of the routine's definer instead of the routine's caller,
+ which allows remote authenticated users to gain privileges through a
+ routine that has been made available using GRANT EXECUTE.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2006-4227</cvename>
+ <url>http://bugs.mysql.com/bug.php?id=18630</url>
+ </references>
+ <dates>
+ <discovery>2006-03-29</discovery>
+ <entry>2006-10-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a0e92718-6603-11db-ab90-000e35fd8194">
+ <topic>mysql -- remote privilege escalation</topic>
+ <affects>
+ <package>
+ <name>mysql-server</name>
+ <range><ge>5.1</ge><lt>5.1.12</lt></range>
+ <range><ge>5.0</ge><lt>5.0.25</lt></range>
+ <range><lt>4.1.21</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Michal Prokopiuk reports a remote privilege escalation in
+ MySQL. The vulnerability causes MySQL, when run on case-sensitive
+ filesystems, to allow remote authenticated users to create or access a
+ database when the database name differs only in case from a database
+ for which they have permissions.</p>
+ </body>
+ </description>
+ <references>
+ <bid>19559</bid>
+ <cvename>CVE-2006-4226</cvename>
+ <url>http://bugs.mysql.com/bug.php?id=17647</url>
+ </references>
+ <dates>
+ <discovery>2006-08-09</discovery>
+ <entry>2006-10-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="96ed277b-60e0-11db-ad2d-0016179b2dd5">
<topic>Serendipity -- XSS Vulnerabilities</topic>
<affects>
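Review bot: the description of the first entry (CVE-2006-4227) has a doubled word, "Dmitri Lenev reports reports a remote privilege escalation"; drop one "reports" before this is committed. Both new entries also carry the identical topic "mysql -- remote privilege escalation", so they cannot be told apart in the generated vulnerability listing or in portaudit output; topics that name the distinct flaw would help, for example "mysql -- privilege escalation through suid routine arguments" for the first entry and "mysql -- privilege escalation through case-sensitive database names" for the second. For consistency between the two entries, the first one lists only a <cvename> and a <url> while the second also has a <bid>; if a Bugtraq ID exists for CVE-2006-4227, add it as well. The affected ranges are consistent with each entry's own text: the second entry adds <range><lt>4.1.21</lt></range> and the first does not, and the shared 5.0 and 5.1 ranges are identical in both.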
--- vuln.xml.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: