|
MySQL Denial of Service Vulnerability and Multiple Security Issues
|
|
|
|
|
Secunia Advisory:
|
SA25301
|
|
|
Release Date:
|
2007-05-17
|
|
Last Update:
|
2007-07-19
|
|
|
Critical:
|

Less critical
|
|
Impact:
|
Security Bypass Privilege escalation DoS
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | MySQL 4.x MySQL 5.x
|
| | CVE reference: | CVE-2007-2691 (Secunia mirror) CVE-2007-2692 (Secunia mirror) CVE-2007-2693 (Secunia mirror) CVE-2007-3780 (Secunia mirror) CVE-2007-3781 (Secunia mirror) CVE-2007-3782 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS! |
|
|
Description: Various security issues and a vulnerability have been reported in MySQL, which can be exploited by malicious users to gain escalated privileges, bypass certain security restrictions and cause a DoS (Denial of Service) or malicious people to cause a DoS.
1) The problem is that it is possible for a user to rename a table without having DROP privileges.
The security issue has been reported in version 4.1 and 5.0.
2) The problem is that stored routines defined with SQL SECURITY INVOKER do not change back privileges when returning and can be invoked by users to gain escalated privileges.
The security issue has been reported in version 5.0.40.
3) An unspecified vulnerability within the handling of password packets in the connection protocol can be exploited to crash the server.
4) The mysql_update() and mysql_test_update() functions do not correctly check the privileges of views. This can be exploited to gain certain privileges for tables of other databases.
The security issue is reported in version 5.0.38 and 5.1.
5) The "CREATE TABLE LIKE" command did not correctly check the privileges for the source table and does not correctly implement table locking. This can be exploited to bypass certain security restrictions or potentially crash the service.
The security issue is reported in versions 5.0 and 5.1.
Solution: Update to MySQL Enterprise version 4.1.23 and 5.0.44 and MySQL Community Server 5.0.45.
Provided and/or discovered by: Reported via a bug report by:
1) Victoria Reznichenko
2) Alexander Nozdrin
3) Dormando
4) Phil Anderton
5) Andrei Elkin and maybe an unknown person
Changelog: 2007-07-17: Added vulnerabilities 3, 4 and 5. Updated "Solution" section.
2007-07-19: Added CVE reference.
Original Advisory: MySQL:
1) http://bugs.mysql.com/bug.php?id=27515
2) http://bugs.mysql.com/bug.php?id=27337
3) http://bugs.mysql.com/bug.php?id=28984
4) http://bugs.mysql.com/bug.php?id=27878
5) http://bugs.mysql.com/bug.php?id=23667
http://bugs.mysql.com/bug.php?id=25578
http://lists.mysql.com/announce/470
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
27 Related Secunia Security Advisories, displaying 10
|
|
|
1. MySQL MyISAM Table Privilege Check Bypass
|
|
2. MySQL Multiple Vulnerabilities
|
|
3. MySQL Security Issue and Two Vulnerabilities
|
|
4. MySQL System Table Information Overwrite Vulnerability
|
|
5. MySQL InnoDB Denial of Service Vulnerability
|
|
6. MySQL IF Query Denial of Service Vulnerability
|
|
7. MySQL Single-Row Subselect and INFORMATION_SCHEMA Denial of Service
|
|
8. MySQL Create Database Bypass and Privilege Escalation
|
|
9. MySQL MERGE Table Privilege Revoke Bypass
|
|
10. MySQL Multibyte Encoding SQL Injection Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|