Date: Mon, 29 Dec 2008 19:14:43 +0300 (MSK) From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/130025: [vuxml] databases/mysql41-server: document CVE-2007-2691, CVE-2007-3780 and CVE-2007-5969 Message-ID: <20081229161443.4F595B8019@phoenix.codelabs.ru> Resent-Message-ID: <200812291620.mBTGK1NT030534@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 130025 >Category: ports >Synopsis: [vuxml] databases/mysql41-server: document CVE-2007-2691, CVE-2007-3780 and CVE-2007-5969 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Dec 29 16:20:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 7.1-PRERELEASE amd64 >Organization: Code Labs >Environment: System: FreeBSD 7.1-PRERELEASE amd64 >Description: Document multiple issues that are still real for databases/mysql41-server, since it stays (almost) at 4.1.22. Vulnerable versions of FreeBSD ports for 5.0, 5.1 and 6.0 are at least 1.5 years old, so I am mentioning them mostly for the completeness. >How-To-Repeat: See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969 and references therein, especially MySQL bug entries. >Fix: The following VuXML entries should be evaluated and added: --- vuln.xml begins here --- <vuln vid="58d1e7da-d5b9-11dd-b0cc-001fc66e7203"> <topic>mysql -- renaming of arbitrary tables by authenticated users</topic> <affects> <package> <name>mysql-server</name> <range><ge>4.1</ge><lt>4.1.23</lt></range> <range><ge>5.0</ge><lt>5.0.42</lt></range> <range><ge>5.1</ge><lt>5.1.18</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>MySQL developers report:</p> <blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-23.html">; <p>The requirement of the DROP privilege for RENAME TABLE was not enforced.</p> </blockquote> </body> </description> <references> <cvename>CVE-2007-2691</cvename> <bid>24016</bid> <url>http://bugs.mysql.com/bug.php?id=27515</url>; </references> <dates> <discovery>15-05-2007</discovery> <entry>TODAY</entry> </dates> </vuln> --- vuln.xml ends here --- --- vuln.xml begins here --- <vuln vid="c8d17c48-d5b7-11dd-b0cc-001fc66e7203"> <topic>mysql -- remote Denial of Service via malformed password packet</topic> <affects> <package> <name>mysql-server</name> <range><ge>4.1</ge><lt>4.1.24</lt></range> <range><ge>5.0</ge><lt>5.0.44</lt></range> <range><ge>5.1</ge><lt>5.1.20</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>MySQL developers report:</p> <blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html">; <p>A malformed password packet in the connection protocol could cause the server to crash.</p> </blockquote> </body> </description> <references> <cvename>CVE-2007-3780</cvename> <bid>25017</bid> <url>http://bugs.mysql.com/bug.php?id=28984</url>; </references> <dates> <discovery>15-07-2007</discovery> <entry>TODAY</entry> </dates> </vuln> --- vuln.xml ends here --- --- vuln.xml begins here --- <vuln vid="06f88a78-d5bf-11dd-b0cc-001fc66e7203"> <topic>mysql -- privilege escalation and overwrite of the system table information</topic> <affects> <package> <name>mysql-server</name> <range><ge>4.1</ge><lt>4.1.24</lt></range> <range><ge>5.0</ge><lt>5.0.51</lt></range> <range><ge>5.1</ge><lt>5.1.23</lt></range> <range><ge>6.0</ge><lt>6.0.4</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>MySQL developers report:</p> <blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html">; <p>Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points.</p> </blockquote> </body> </description> <references> <cvename>CVE-2007-5969</cvename> <bid>26765</bid> <url>http://bugs.mysql.com/bug.php?id=32111</url>; </references> <dates> <discovery>14-11-2007</discovery> <entry>TODAY</entry> </dates> </vuln> --- vuln.xml ends here --- I would collapse them all into a single entry, but versions of affected products are different for each entry, so it is not possible without cheating and cheating is bad ;) All these should gone when ports/130023 or its variation will be committed into FreeBSD ports tree. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081229161443.4F595B8019>