VID: 25061
Severity: 30
Port: 3306
Protocol: TCP
Class: DB
Detailed Description: A version of MySQL older than 5.1.18 is running on the host. MySQL versions 5.1.x prior to 5.1.18 are affected by multiple vulnerabilities, which malicious users could exploit to bypass security checks, gain escalated privileges or obtain sensitive information.

- A user can rename a table without having DROP privileges. (Bug#27515)
- If a stored routine was declared using SQL SECURITY INVOKER, a user who invoked the routine could gain privileges. (Bug#27337)
- A user with only ALTER privileges on a partitioned table could obtain information about the table that should require SELECT privileges. (Bug#23675)

* Note: This check relies solely on the banner of the remote MySQL server to assess this vulnerability, so the result may be a false positive.
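
The banner the note refers to is the server version string in the MySQL initial handshake packet. The following added example (not the scanner's own code) parses that packet and applies the 5.1.x < 5.1.18 rule from this entry; the function names, result labels and sample packets are assumptions constructed for illustration.

```python
import re
import struct

FIXED = (5, 1, 18)  # first fixed 5.1 release named in this entry

def make_handshake(banner: str) -> bytes:
    """Constructed sample packet: header, protocol byte, banner, filler."""
    payload = (b"\x0a" + banner.encode("ascii") + b"\x00"
               + struct.pack("<I", 42) + b"\x00" * 9)
    # 3-byte little-endian payload length, then 1-byte sequence id
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

def banner_from_handshake(packet: bytes) -> str:
    """Return the version string from a protocol-10 initial handshake."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:
        # Server answered with an ERR packet instead of a greeting
        raise ValueError("server sent an error packet, no banner available")
    if payload[0] != 10:
        raise ValueError("unexpected protocol version %d" % payload[0])
    end = payload.find(b"\x00", 1)
    if end == -1:
        raise ValueError("unterminated version string")
    return payload[1:end].decode("ascii", "replace")

def classify(banner: str) -> str:
    """Apply this entry's rule; labels are hypothetical, not scanner output."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return "unknown"          # banner altered or unparsable
    version = tuple(int(x) for x in m.groups())
    if version[:2] != (5, 1):
        return "not-applicable"   # entry covers the 5.1.x series only
    # Numeric tuple comparison: "5.1.9" < "5.1.18", unlike string comparison
    return "flagged" if version < FIXED else "not-flagged"

if __name__ == "__main__":
    for b in ("5.1.17-beta-log", "5.1.9-beta", "5.1.18", "5.0.45"):
        print(b, "->", classify(banner_from_handshake(make_handshake(b))))
```

A "flagged" result reflects only what the server reports about itself, so it should be confirmed on the host, for example with `SELECT VERSION();` from an authenticated session.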

* References:
http://bugs.mysql.com/bug.php?id=23675
http://bugs.mysql.com/bug.php?id=27515
http://bugs.mysql.com/bug.php?id=27337
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html
http://www.frsirt.com/english/advisories/2007/1804
http://www.securitytracker.com/id?1018069
http://www.securitytracker.com/id?1018070
http://www.securitytracker.com/id?1018071
http://secunia.com/advisories/25301/

* Platforms Affected:
MySQL AB, MySQL versions 5.1.x prior to 5.1.18
Any operating system, any version
Recommendation: Upgrade to the latest version of MySQL (5.1.18 or later), available from the MySQL Web site at http://www.mysql.com/
Related URL: CVE-2007-2691, CVE-2007-2692, CVE-2007-2693 (CVE)
Related URL: 24008, 24011, 24016 (SecurityFocus)