Date: Sun, 29 Oct 2006 01:28:55 +0200 (CEST) From: Henrik Brix Andersen <henrik@brixandersen.dk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: "Simon L. Nielsen" <simon@FreeBSD.org> Subject: misc/104890: security/vuxml: Two MySQL vulnerability entries Message-ID: <20061028232855.5E93E2E025@fangorn.brixandersen.dk> Resent-Message-ID: <200610282330.k9SNUDsW093067@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 104890 >Category: misc >Synopsis: security/vuxml: Two MySQL vulnerability entries >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Oct 28 23:30:12 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Henrik Brix Andersen >Release: FreeBSD 6.2-PRERELEASE i386 >Organization: pil.dk >Environment: System: FreeBSD fangorn.brixandersen.dk 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #21: Sat Oct 21 12:22:03 CEST 2006 root@fangorn.brixandersen.dk:/usr/obj/usr/src/sys/FANGORN i386 >Description: Two recent MySQL server vulnerabilities (CVE-2006-4227 and CVE-2006-4226) are yet to be documented in VuXML. >How-To-Repeat: >Fix: Below patch documents these CVEs in vuln.xml. --- vuln.xml.diff begins here --- --- vuln.xml.orig Fri Oct 27 21:37:38 2006 +++ vuln.xml Sun Oct 29 01:21:57 2006 @@ -34,6 +34,64 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a9c51caf-6603-11db-ab90-000e35fd8194"> + <topic>mysql -- remote privilege escalation</topic> + <affects> + <package> + <name>mysql-server</name> + <range><ge>5.1</ge><lt>5.1.12</lt></range> + <range><ge>5.0</ge><lt>5.0.25</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Dmitri Lenev reports reports a remote privilege escalation in + MySQL. MySQL evaluates arguments of suid routines in the security + context of the routine's definer instead of the routine's caller, + which allows remote authenticated users to gain privileges through a + routine that has been made available using GRANT EXECUTE.</p> + </body> + </description> + <references> + <cvename>CVE-2006-4227</cvename> + <url>http://bugs.mysql.com/bug.php?id=18630</url> + </references> + <dates> + <discovery>2006-03-29</discovery> + <entry>2006-10-27</entry> + </dates> + </vuln> + + <vuln vid="a0e92718-6603-11db-ab90-000e35fd8194"> + <topic>mysql -- remote privilege escalation</topic> + <affects> + <package> + <name>mysql-server</name> + <range><ge>5.1</ge><lt>5.1.12</lt></range> + <range><ge>5.0</ge><lt>5.0.25</lt></range> + <range><lt>4.1.21</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Michal Prokopiuk reports a remote privilege escalation in + MySQL. The vulnerability causes MySQL, when run on case-sensitive + filesystems, to allow remote authenticated users to create or access a + database when the database name differs only in case from a database + for which they have permissions.</p> + </body> + </description> + <references> + <bid>19559</bid> + <cvename>CVE-2006-4226</cvename> + <url>http://bugs.mysql.com/bug.php?id=17647</url> + </references> + <dates> + <discovery>2006-08-09</discovery> + <entry>2006-10-27</entry> + </dates> + </vuln> + <vuln vid="96ed277b-60e0-11db-ad2d-0016179b2dd5"> <topic>Serendipity -- XSS Vulnerabilities</topic> <affects> --- vuln.xml.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061028232855.5E93E2E025>