From owner-freebsd-bugs@FreeBSD.ORG  Sat Oct 28 23:30:14 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4004E16A492
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 28 Oct 2006 23:30:14 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BBA4943D58
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 28 Oct 2006 23:30:13 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k9SNUDnt093083
	for <freebsd-bugs@freefall.freebsd.org>; Sat, 28 Oct 2006 23:30:13 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k9SNUDsW093067;
	Sat, 28 Oct 2006 23:30:13 GMT (envelope-from gnats)
Resent-Date: Sat, 28 Oct 2006 23:30:13 GMT
Resent-Message-Id: <200610282330.k9SNUDsW093067@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Henrik Brix Andersen <henrik@brixandersen.dk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D127516A403;
	Sat, 28 Oct 2006 23:29:16 +0000 (UTC)
	(envelope-from brix@fangorn.brixandersen.dk)
Received: from ns2.pil.dk (ns2.pil.dk [195.41.47.38])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D5C0443D75;
	Sat, 28 Oct 2006 23:29:14 +0000 (GMT)
	(envelope-from brix@fangorn.brixandersen.dk)
Received: from fangorn.brixandersen.dk (osgiliath.brixandersen.dk
	[87.53.223.189]) by ns2.pil.dk (Postfix) with ESMTP id CF7C47BA293;
	Sun, 29 Oct 2006 01:29:11 +0200 (CEST)
Received: by fangorn.brixandersen.dk (Postfix, from userid 1001)
	id 5E93E2E025; Sun, 29 Oct 2006 01:28:55 +0200 (CEST)
Message-Id: <20061028232855.5E93E2E025@fangorn.brixandersen.dk>
Date: Sun, 29 Oct 2006 01:28:55 +0200 (CEST)
From: Henrik Brix Andersen <henrik@brixandersen.dk>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: "Simon L. Nielsen" <simon@FreeBSD.org>
Subject: misc/104890: security/vuxml: Two MySQL vulnerability entries 
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Henrik Brix Andersen <henrik@brixandersen.dk>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Oct 2006 23:30:14 -0000


>Number:         104890
>Category:       misc
>Synopsis:       security/vuxml: Two MySQL vulnerability entries
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 28 23:30:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Henrik Brix Andersen
>Release:        FreeBSD 6.2-PRERELEASE i386
>Organization:
pil.dk 
>Environment:
System: FreeBSD fangorn.brixandersen.dk 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #21: Sat Oct 21 12:22:03 CEST 2006 root@fangorn.brixandersen.dk:/usr/obj/usr/src/sys/FANGORN i386


	
>Description:
Two recent MySQL server vulnerabilities (CVE-2006-4227 and
CVE-2006-4226) are yet to be documented in VuXML.

	
>How-To-Repeat:
	
>Fix:
Below patch documents these CVEs in vuln.xml.

	

--- vuln.xml.diff begins here ---
--- vuln.xml.orig	Fri Oct 27 21:37:38 2006
+++ vuln.xml	Sun Oct 29 01:21:57 2006
@@ -34,6 +34,64 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="a9c51caf-6603-11db-ab90-000e35fd8194">
+    <topic>mysql -- remote privilege escalation</topic>
+    <affects>
+      <package>
+	<name>mysql-server</name>
+	<range><ge>5.1</ge><lt>5.1.12</lt></range>
+	<range><ge>5.0</ge><lt>5.0.25</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Dmitri Lenev reports reports a remote privilege escalation in
+	  MySQL. MySQL evaluates arguments of suid routines in the security
+	  context of the routine's definer instead of the routine's caller,
+	  which allows remote authenticated users to gain privileges through a
+	  routine that has been made available using GRANT EXECUTE.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2006-4227</cvename>
+      <url>http://bugs.mysql.com/bug.php?id=18630</url>
+    </references>
+    <dates>
+      <discovery>2006-03-29</discovery>
+      <entry>2006-10-27</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a0e92718-6603-11db-ab90-000e35fd8194">
+    <topic>mysql -- remote privilege escalation</topic>
+    <affects>
+      <package>
+	<name>mysql-server</name>
+	<range><ge>5.1</ge><lt>5.1.12</lt></range>
+	<range><ge>5.0</ge><lt>5.0.25</lt></range>
+	<range><lt>4.1.21</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Michal Prokopiuk reports a remote privilege escalation in
+	  MySQL. The vulnerability causes MySQL, when run on case-sensitive
+	  filesystems, to allow remote authenticated users to create or access a
+	  database when the database name differs only in case from a database
+	  for which they have permissions.</p>
+      </body>
+    </description>
+    <references>
+      <bid>19559</bid>
+      <cvename>CVE-2006-4226</cvename>
+      <url>http://bugs.mysql.com/bug.php?id=17647</url>
+    </references>
+    <dates>
+      <discovery>2006-08-09</discovery>
+      <entry>2006-10-27</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="96ed277b-60e0-11db-ad2d-0016179b2dd5">
     <topic>Serendipity -- XSS Vulnerabilities</topic>
     <affects>
--- vuln.xml.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: