FreeBSD : mysql50-server -- COM_TABLE_DUMP arbitrary code execution (a8d8713e-dc83-11da-a22b-000c6ec775d9)

NASLDB: FreeBSD : mysql50-server -- COM_TABLE_DUMP arbitrary code execution (a8d8713e-dc83-11da-a22b-000c6ec775d9)

General

ID: 21492
Name: FreeBSD : mysql50-server — COM_TABLE_DUMP arbitrary code execution (a8d8713e-dc83-11da-a22b-000c6ec775d9)

Summary: Checks for updated package in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

Stefano Di Paola reports :

An authenticated user could remotely execute arbitrary commands by
taking advantage of a stack overflow.

To take advantage of these flaws an attacker should have direct access
to MySQL server communication layer (port 3306 or unix socket). But if
used in conjuction with some web application flaws (i.e. php code
injection) an attacker could use socket programming (i.e. php sockets)
to gain access to that layer.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2006-1518
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2006/05/02
Patch Release: 2006/05/06
Plugin Release: 2006/05/13

Plugin

Version: 1.9
Filename: freebsd_pkg_a8d8713edc8311daa22b000c6ec775d9.nasl
Filesize: 4735 bytes
MD5 Hash: e7622ebc1e3712973620c03a2fa3bb93

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"