From brix@fangorn.brixandersen.dk Sat Oct 28 23:29:16 2006 Return-Path: Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D127516A403; Sat, 28 Oct 2006 23:29:16 +0000 (UTC) (envelope-from brix@fangorn.brixandersen.dk) Received: from ns2.pil.dk (ns2.pil.dk [195.41.47.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id D5C0443D75; Sat, 28 Oct 2006 23:29:14 +0000 (GMT) (envelope-from brix@fangorn.brixandersen.dk) Received: from fangorn.brixandersen.dk (osgiliath.brixandersen.dk [87.53.223.189]) by ns2.pil.dk (Postfix) with ESMTP id CF7C47BA293; Sun, 29 Oct 2006 01:29:11 +0200 (CEST) Received: by fangorn.brixandersen.dk (Postfix, from userid 1001) id 5E93E2E025; Sun, 29 Oct 2006 01:28:55 +0200 (CEST) Message-Id: <20061028232855.5E93E2E025@fangorn.brixandersen.dk> Date: Sun, 29 Oct 2006 01:28:55 +0200 (CEST) From: Henrik Brix Andersen Reply-To: Henrik Brix Andersen To: FreeBSD-gnats-submit@freebsd.org Cc: Simon L. Nielsen Subject: security/vuxml: Two MySQL vulnerability entries X-Send-Pr-Version: 3.113 X-GNATS-Notify: >Number: 104890 >Category: ports >Synopsis: security/vuxml: Two MySQL vulnerability entries >Confidential: no >Severity: serious >Priority: medium >Responsible: secteam >State: closed >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Oct 28 23:30:12 GMT 2006 >Closed-Date: Sun Oct 29 13:51:36 GMT 2006 >Last-Modified: Sun Oct 29 14:00:34 GMT 2006 >Originator: Henrik Brix Andersen >Release: FreeBSD 6.2-PRERELEASE i386 >Organization: pil.dk >Environment: System: FreeBSD fangorn.brixandersen.dk 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #21: Sat Oct 21 12:22:03 CEST 2006 root@fangorn.brixandersen.dk:/usr/obj/usr/src/sys/FANGORN i386 >Description: Two recent MySQL server vulnerabilities (CVE-2006-4227 and CVE-2006-4226) are yet to be documented in VuXML. >How-To-Repeat: >Fix: Below patch documents these CVEs in vuln.xml. --- vuln.xml.diff begins here --- --- vuln.xml.orig Fri Oct 27 21:37:38 2006 +++ vuln.xml Sun Oct 29 01:21:57 2006 @@ -34,6 +34,64 @@ --> + + mysql -- remote privilege escalation + + + mysql-server + 5.15.1.12 + 5.05.0.25 + + + + +

Dmitri Lenev reports reports a remote privilege escalation in + MySQL. MySQL evaluates arguments of suid routines in the security + context of the routine's definer instead of the routine's caller, + which allows remote authenticated users to gain privileges through a + routine that has been made available using GRANT EXECUTE.

+ +
+ + CVE-2006-4227 + http://bugs.mysql.com/bug.php?id=18630 + + + 2006-03-29 + 2006-10-27 + +
+ + + mysql -- remote privilege escalation + + + mysql-server + 5.15.1.12 + 5.05.0.25 + 4.1.21 + + + + +

Michal Prokopiuk reports a remote privilege escalation in + MySQL. The vulnerability causes MySQL, when run on case-sensitive + filesystems, to allow remote authenticated users to create or access a + database when the database name differs only in case from a database + for which they have permissions.

+ +
+ + 19559 + CVE-2006-4226 + http://bugs.mysql.com/bug.php?id=17647 + + + 2006-08-09 + 2006-10-27 + +
+ Serendipity -- XSS Vulnerabilities --- vuln.xml.diff ends here --- >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-bugs->secteam Responsible-Changed-By: linimon Responsible-Changed-When: Sat Oct 28 23:38:50 UTC 2006 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=104890 State-Changed-From-To: open->closed State-Changed-By: simon State-Changed-When: Sun Oct 29 13:51:12 UTC 2006 State-Changed-Why: Committed, thanks! I made some minor modifications to make it sound a little less dramatic and to not make it sounds like it's only an issue for remote MySQL users. http://www.freebsd.org/cgi/query-pr.cgi?pr=104890 From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/104890: commit references a PR Date: Sun, 29 Oct 2006 13:50:34 +0000 (UTC) simon 2006-10-29 13:50:01 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: Document two MySQL privilege escalations. PR: ports/104890 Submitted by: Henrik Brix Andersen Approved by: portmgr (secteam blanket) Revision Changes Path 1.1210 +61 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" >Unformatted: