FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318453
Date:      2013-05-18
Time:      20:35:07Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a0e92718-6603-11db-ab90-000e35fd8194mysql -- database "case-sensitive" privilege escalation

Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.


Discovery 2006-08-09
Entry 2006-10-29
mysql-server
ge 5.1 lt 5.1.12

ge 5.0 lt 5.0.25

lt 4.1.21

19559
CVE-2006-4226
http://bugs.mysql.com/bug.php?id=17647
4913886c-e875-11da-b9f4-00123ffe8333MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities

Secunia reports:

MySQL have some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.

1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP packet can be exploited by an authenticated client to disclosure certain memory content of the server process.

2) A boundary error within the handling of specially crafted invalid COM_TABLE_DUMP packets can be exploited by an authenticated client to cause a buffer overflow and allows arbitrary code execution.

3) An error within the handling of malformed login packets can be exploited to disclosure certain memory content of the server process in the error messages.


Discovery 2006-05-02
Entry 2006-06-01
mysql-server
gt 4.0 lt 4.0.27

gt 4.1 lt 4.1.19

gt 5.1 le 5.1.9

CVE-2006-1516
CVE-2006-1517
CVE-2006-1518
602457
http://www.wisec.it/vulns.php?page=7
http://www.wisec.it/vulns.php?page=8
http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
http://secunia.com/advisories/19929/
http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html
4913886c-e875-11da-b9f4-00123ffe8333MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities

Secunia reports:

MySQL have some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.

1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP packet can be exploited by an authenticated client to disclosure certain memory content of the server process.

2) A boundary error within the handling of specially crafted invalid COM_TABLE_DUMP packets can be exploited by an authenticated client to cause a buffer overflow and allows arbitrary code execution.

3) An error within the handling of malformed login packets can be exploited to disclosure certain memory content of the server process in the error messages.


Discovery 2006-05-02
Entry 2006-06-01
mysql-server
gt 4.0 lt 4.0.27

gt 4.1 lt 4.1.19

gt 5.1 le 5.1.9

CVE-2006-1516
CVE-2006-1517
CVE-2006-1518
602457
http://www.wisec.it/vulns.php?page=7
http://www.wisec.it/vulns.php?page=8
http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
http://secunia.com/advisories/19929/
http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html
619ef337-949a-11d9-b813-00d05964249fmysql-server -- multiple remote vulnerabilities

SecurityFocus reports:

MySQL is reported prone to an insecure temporary file creation vulnerability.

Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process.

MySQL is reported prone to an input validation vulnerability that can be exploited by remote users that have INSERT and DELETE privileges on the 'mysql' administrative database.

Reports indicate that this issue may be leveraged to load an execute a malicious library in the context of the MySQL process.

Finally, MySQL is reported prone to a remote arbitrary code execution vulnerability. It is reported that the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions in order to control sensitive data structures.

This issue may be exploited to execute arbitrary code in the context of the database process.


Discovery 2005-03-11
Entry 2005-03-14
mysql-server
ge 4.0.0 lt 4.0.24

ge 4.1.0 lt 4.1.10a

12781
CVE-2005-0709
CVE-2005-0710
CVE-2005-0711
619ef337-949a-11d9-b813-00d05964249fmysql-server -- multiple remote vulnerabilities

SecurityFocus reports:

MySQL is reported prone to an insecure temporary file creation vulnerability.

Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process.

MySQL is reported prone to an input validation vulnerability that can be exploited by remote users that have INSERT and DELETE privileges on the 'mysql' administrative database.

Reports indicate that this issue may be leveraged to load an execute a malicious library in the context of the MySQL process.

Finally, MySQL is reported prone to a remote arbitrary code execution vulnerability. It is reported that the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions in order to control sensitive data structures.

This issue may be exploited to execute arbitrary code in the context of the database process.


Discovery 2005-03-11
Entry 2005-03-14
mysql-server
ge 4.0.0 lt 4.0.24

ge 4.1.0 lt 4.1.10a

12781
CVE-2005-0709
CVE-2005-0710
CVE-2005-0711
a0e92718-6603-11db-ab90-000e35fd8194mysql -- database "case-sensitive" privilege escalation

Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.


Discovery 2006-08-09
Entry 2006-10-29
mysql-server
ge 5.1 lt 5.1.12

ge 5.0 lt 5.0.25

lt 4.1.21

19559
CVE-2006-4226
http://bugs.mysql.com/bug.php?id=17647