Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 29 Oct 2006 01:28:55 +0200 (CEST)
From:      Henrik Brix Andersen <henrik@brixandersen.dk>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        "Simon L. Nielsen" <simon@FreeBSD.org>
Subject:   misc/104890: security/vuxml: Two MySQL vulnerability entries 
Message-ID:  <20061028232855.5E93E2E025@fangorn.brixandersen.dk>
Resent-Message-ID: <200610282330.k9SNUDsW093067@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         104890
>Category:       misc
>Synopsis:       security/vuxml: Two MySQL vulnerability entries
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 28 23:30:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Henrik Brix Andersen
>Release:        FreeBSD 6.2-PRERELEASE i386
>Organization:
pil.dk 
>Environment:
System: FreeBSD fangorn.brixandersen.dk 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #21: Sat Oct 21 12:22:03 CEST 2006 root@fangorn.brixandersen.dk:/usr/obj/usr/src/sys/FANGORN i386


	
>Description:
Two recent MySQL server vulnerabilities (CVE-2006-4227 and
CVE-2006-4226) are yet to be documented in VuXML.

	
>How-To-Repeat:
	
>Fix:
Below patch documents these CVEs in vuln.xml.

	

--- vuln.xml.diff begins here ---
--- vuln.xml.orig	Fri Oct 27 21:37:38 2006
+++ vuln.xml	Sun Oct 29 01:21:57 2006
@@ -34,6 +34,64 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="a9c51caf-6603-11db-ab90-000e35fd8194">
+    <topic>mysql -- remote privilege escalation</topic>
+    <affects>
+      <package>
+	<name>mysql-server</name>
+	<range><ge>5.1</ge><lt>5.1.12</lt></range>
+	<range><ge>5.0</ge><lt>5.0.25</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Dmitri Lenev reports reports a remote privilege escalation in
+	  MySQL. MySQL evaluates arguments of suid routines in the security
+	  context of the routine's definer instead of the routine's caller,
+	  which allows remote authenticated users to gain privileges through a
+	  routine that has been made available using GRANT EXECUTE.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2006-4227</cvename>
+      <url>http://bugs.mysql.com/bug.php?id=18630</url>;
+    </references>
+    <dates>
+      <discovery>2006-03-29</discovery>
+      <entry>2006-10-27</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a0e92718-6603-11db-ab90-000e35fd8194">
+    <topic>mysql -- remote privilege escalation</topic>
+    <affects>
+      <package>
+	<name>mysql-server</name>
+	<range><ge>5.1</ge><lt>5.1.12</lt></range>
+	<range><ge>5.0</ge><lt>5.0.25</lt></range>
+	<range><lt>4.1.21</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Michal Prokopiuk reports a remote privilege escalation in
+	  MySQL. The vulnerability causes MySQL, when run on case-sensitive
+	  filesystems, to allow remote authenticated users to create or access a
+	  database when the database name differs only in case from a database
+	  for which they have permissions.</p>
+      </body>
+    </description>
+    <references>
+      <bid>19559</bid>
+      <cvename>CVE-2006-4226</cvename>
+      <url>http://bugs.mysql.com/bug.php?id=17647</url>;
+    </references>
+    <dates>
+      <discovery>2006-08-09</discovery>
+      <entry>2006-10-27</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="96ed277b-60e0-11db-ad2d-0016179b2dd5">
     <topic>Serendipity -- XSS Vulnerabilities</topic>
     <affects>
--- vuln.xml.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061028232855.5E93E2E025>