This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
835256b8-46ed-11d9-8ce0-00065be4b5b6 | mysql -- mysql_real_connect buffer overflow vulnerability The mysql_real_connect function doesn't properly handle DNS replies: it copies the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems. Note that whether this issue is exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explains this with the following words:
Discovery 2004-06-04 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 mysql-client le 3.23.58_3 ge 4.* lt 4.0.21 CVE-2004-0836 10981 http://bugs.mysql.com/bug.php?id=4017 http://lists.mysql.com/internals/14726 http://rhn.redhat.com/errata/RHSA-2004-611.html http://www.osvdb.org/displayvuln.php?osvdb_id=10658 |
06a6b2cf-484b-11d9-813c-00065be4b5b6 | mysql -- ALTER MERGE denial of service vulnerability Dean Ellis reported a denial of service vulnerability in the MySQL server:
Note that a script demonstrating the problem is included in the MySQL bug report. Attackers that have control of a MySQL account can easily use a modified version of that script during an attack. Discovery 2004-01-15 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 ge 4.1.* lt 4.1.1 CVE-2004-0837 11357 http://bugs.mysql.com/bug.php?id=2408 http://rhn.redhat.com/errata/RHSA-2004-611.html |
a0e92718-6603-11db-ab90-000e35fd8194 | mysql -- database "case-sensitive" privilege escalation Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. Discovery 2006-08-09 Entry 2006-10-29 mysql-server ge 5.1 lt 5.1.12 ge 5.0 lt 5.0.25 lt 4.1.21 19559 CVE-2006-4226 http://bugs.mysql.com/bug.php?id=17647 |
01c231cd-4393-11d9-8bb9-00065be4b5b6 | mysql -- GRANT access restriction problem When a user is granted access to a database with a name containing an underscore and the underscore is not escaped, that user might also be able to access other, similarly named databases on the affected system. The problem is that MySQL treats the underscore as a wildcard, so an admin might accidentally GRANT a user access to multiple databases. Discovery 2004-03-29 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 CVE-2004-0957 11435 http://bugs.mysql.com/bug.php?id=3933 http://rhn.redhat.com/errata/RHSA-2004-611.html http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.html |
035d17b2-484a-11d9-813c-00065be4b5b6 | mysql -- erroneous access restrictions applied to table renames A Red Hat advisory reports:
Table access restrictions, on the affected MySQL servers, may accidentally or intentionally be bypassed due to this bug. Discovery 2004-03-23 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 CVE-2004-0835 11357 http://bugs.mysql.com/bug.php?id=3270 http://rhn.redhat.com/errata/RHSA-2004-611.html http://xforce.iss.net/xforce/xfdb/17666 |