Debian DSA-303-1 : mysql - privilege escalation

NASLDB: Debian DSA-303-1 : mysql - privilege escalation

General

ID: 15140
Name: Debian DSA-303-1 : mysql – privilege escalation

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

CAN-2003-0073: The mysql package contains a bug whereby dynamically
allocated memory is freed more than once, which could be deliberately
triggered by an attacker to cause a crash, resulting in a denial of
service condition. In order to exploit this vulnerability, a valid
username and password combination for access to the MySQL server is
required.

CAN-2003-0150: The mysql package contains a bug whereby a malicious
user, granted certain permissions within mysql, could create a
configuration file which would cause the mysql server to run as root,
or any other user, rather than the mysql user.

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2003-0073
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2003/05/15
Plugin Release: 2004/09/29

Plugin

Version: 1.16
Filename: debian_DSA-303.nasl
Filesize: 4158 bytes
MD5 Hash: 415e5fe7d74a1f3ce31103c45b1a3265

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG