| VID |
25079 |
| Severity |
30 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
A version of MySQL which is older than 5.0.70 is running on the host. MySQL versions 5.0.x prior to 5.0.70 are privilege bypass vulnerability. In such versions, it is possible for a local user to circumvent privileges through the creation of MyISAM tables employing the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing table files in the application's data directory.
this issue was supposed to have been addressed in version 5.0.60, but the fix was incomplete.
* Note: This check solely relied on the banner of the remote MySQL server to assess this vulnerability, so this might be a false positive.
* References:
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-70.html
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
* Platforms Affected:
MySQL versions 5.0.x prior to 5.0.70
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MySQL (5.0.70 or later), available from the MySQL Web site at http://www.mysql.com/ |
| Related URL |
CVE-2008-4098 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
