Databases : MySQL Privilege Escalation Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.811630

Categoría: Databases

Título: MySQL Privilege Escalation Vulnerability - Linux

Resumen: MySQL is prone to a privilege escalation vulnerability.

Descripción: Summary:
MySQL is prone to a privilege escalation vulnerability.

Vulnerability Insight:
The flaw exists due to table creation option
allows the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY
options.

Vulnerability Impact:
Successful exploitation of this vulnerability
will allow an authenticated user to use the DATA DIRECTORY and INDEX DIRECTORY
options to possibly bypass privilege checks.

Affected Software/OS:
MySQL version before 5.0.67 on Linux

Solution:
Upgrade to MySQL version 5.0.67.

CVSS Score:
4.6

CVSS Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-4098
32578
http://secunia.com/advisories/32578
32759
http://secunia.com/advisories/32759
32769
http://secunia.com/advisories/32769
38517
http://secunia.com/advisories/38517
DSA-1662
http://www.debian.org/security/2008/dsa-1662
MDVSA-2009:094
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
RHSA-2009:1067
http://www.redhat.com/support/errata/RHSA-2009-1067.html
RHSA-2010:0110
http://www.redhat.com/support/errata/RHSA-2010-0110.html
SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
USN-1397-1
http://www.ubuntu.com/usn/USN-1397-1
USN-671-1
http://www.ubuntu.com/usn/USN-671-1
USN-897-1
http://ubuntu.com/usn/usn-897-1
[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079
http://www.openwall.com/lists/oss-security/2008/09/09/20
[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://bugs.mysql.com/bug.php?id=32167
mysql-myisam-symlink-security-bypass(45649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
oval:org.mitre.oval:def:10591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.811630
Categoría:	Databases
Título:	MySQL Privilege Escalation Vulnerability - Linux
Resumen:	MySQL is prone to a privilege escalation vulnerability.
Descripción:	Summary: MySQL is prone to a privilege escalation vulnerability. Vulnerability Insight: The flaw exists due to table creation option allows the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. Vulnerability Impact: Successful exploitation of this vulnerability will allow an authenticated user to use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. Affected Software/OS: MySQL version before 5.0.67 on Linux Solution: Upgrade to MySQL version 5.0.67. CVSS Score: 4.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4098 32578 http://secunia.com/advisories/32578 32759 http://secunia.com/advisories/32759 32769 http://secunia.com/advisories/32769 38517 http://secunia.com/advisories/38517 DSA-1662 http://www.debian.org/security/2008/dsa-1662 MDVSA-2009:094 http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 RHSA-2009:1067 http://www.redhat.com/support/errata/RHSA-2009-1067.html RHSA-2010:0110 http://www.redhat.com/support/errata/RHSA-2010-0110.html SUSE-SR:2008:025 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html USN-1397-1 http://www.ubuntu.com/usn/USN-1397-1 USN-671-1 http://www.ubuntu.com/usn/USN-671-1 USN-897-1 http://ubuntu.com/usn/usn-897-1 [oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 http://www.openwall.com/lists/oss-security/2008/09/09/20 [oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 http://www.openwall.com/lists/oss-security/2008/09/16/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 http://bugs.mysql.com/bug.php?id=32167 mysql-myisam-symlink-security-bypass(45649) https://exchange.xforce.ibmcloud.com/vulnerabilities/45649 oval:org.mitre.oval:def:10591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591
Copyright	Copyright (C) 2017 Greenbone AG