HOME > ADVISORIES


   ADVISORIES

CERT-In Advisory CIAD-2006-28
MySQL Multiple Restrictions Bypass Vulnerabilities

Original issue date: September 12, 2006

Severity Rating: Medium

Systems Affected

  • MySQL version 4.0.25 and prior
  • MySQL version 4.1.20 and prior
  • MySQL version 5.0.24 and prior
  • MySQL version 5.1.11 and prior

Overview

Multiple vulnerabilities have been reported in MySQL which could be exploited by attackers to execute arbitrary code or by pass security restrictions causes denial of service attack.

Description

1. MySQL MERGE Privilege Revoke Bypass Vulnerability ( CVE-2006-4031 )

A vulnerability has been reported in MySQL due to design error while accessing certain tables. This could allow remote attacker with revoked privilege to gain access original table through previously created merge table.


2. MySQL Database Creation Security Bypass Vulnerability ( CVE-2006-4226 )

A vulnerability has been reported in MySQL due to creating a database while run on case sensitive file systems. This could allow remote attackers to create or access the database when the database name only differs in case from a database for which they have permissions.


3. MySQL Database Creation Privilege Escalation Vulnerability ( CVE-2006-4227 )

A vulnerability has been reported in MySQL while suid routine arguments are calculated in an incorrect security context of the routine's definer instead of the routine's caller.
This could be exploited by attacker with "EXECUTE" privileges to execute arbitrary DML statements.


4.MySQL Multiupdate and Subselects Denial Of Service Vulnerability ( CVE-2006-4380 )

MySQL before 4.1.13 allows attackers to crash the slave replication process via a query with multiupdate and subselects cause a denial of service attack.

Solution

Apply Appropriate patch suggested by vendor.
http://dev.mysql.com/downloads/

Vendor information

MySQL
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html

References

Security Focus
http://www.securityfocus.com/bid/19279
http://www.securityfocus.com/bid/19559
http://www.securityfocus.com/bid/19794

FrSIRT
http://www.frsirt.com/english/advisories/2006/3079
http://www.frsirt.com/english/advisories/2006/3306

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003