FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
4913886c-e875-11da-b9f4-00123ffe8333 MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities

Secunia reports:

MySQL has some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.

1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP packet can be exploited by an authenticated client to disclose certain memory content of the server process.

2) A boundary error within the handling of specially crafted invalid COM_TABLE_DUMP packets can be exploited by an authenticated client to cause a buffer overflow and allows arbitrary code execution.

3) An error within the handling of malformed login packets can be exploited to disclose certain memory content of the server process in the error messages.


Discovery 2006-05-02
Entry 2006-06-01
mysql-server
gt 4.0 lt 4.0.27

gt 4.1 lt 4.1.19

gt 5.1 le 5.1.9

CVE-2006-1516
CVE-2006-1517
CVE-2006-1518
602457
http://www.wisec.it/vulns.php?page=7
http://www.wisec.it/vulns.php?page=8
http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
http://secunia.com/advisories/19929/
http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html
835256b8-46ed-11d9-8ce0-00065be4b5b6 mysql -- mysql_real_connect buffer overflow vulnerability

The mysql_real_connect function doesn't properly handle DNS replies: it copies the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems.

Note that whether this issue is exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explains this with the following words:

In glibc there is a limitation for an IP address to have only 4 bytes (obviously), but generally speaking the length of the address comes with a response for DNS query (I know it sounds funny but read RFC 1035 if you don't believe). This bug can occur on libraries where gethostbyname function takes length from DNS's response.


Discovery 2004-06-04
Entry 2004-12-16
Modified 2005-03-15
mysql-server
le 3.23.58_3

ge 4.* lt 4.0.21

mysql-client
le 3.23.58_3

ge 4.* lt 4.0.21

CVE-2004-0836
10981
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://www.osvdb.org/displayvuln.php?osvdb_id=10658
29edd807-438d-11d9-8bb9-00065be4b5b6 mysql -- FTS request denial of service vulnerability

A specially crafted MySQL FTS request can cause the server to crash. Malicious MySQL users can abuse this bug in a denial of service attack against systems running an affected MySQL daemon.

Note that because this bug is related to the parsing of requests, it may be triggered accidentally by a user who makes a typo.


Discovery 2004-03-23
Entry 2004-12-16
mysql-server
ge 4.* lt 4.0.21

http://bugs.mysql.com/bug.php?id=3870
CVE-2004-0956
11432
06a6b2cf-484b-11d9-813c-00065be4b5b6 mysql -- ALTER MERGE denial of service vulnerability

Dean Ellis reported a denial of service vulnerability in the MySQL server:

Multiple threads ALTERing the same (or different) MERGE tables to change the UNION eventually crash the server or hang the individual threads.

Note that a script demonstrating the problem is included in the MySQL bug report. Attackers that have control of a MySQL account can easily use a modified version of that script during an attack.


Discovery 2004-01-15
Entry 2004-12-16
Modified 2005-03-15
mysql-server
le 3.23.58_3

ge 4.* lt 4.0.21

ge 4.1.* lt 4.1.1

CVE-2004-0837
11357
http://bugs.mysql.com/bug.php?id=2408
http://rhn.redhat.com/errata/RHSA-2004-611.html
035d17b2-484a-11d9-813c-00065be4b5b6 mysql -- erroneous access restrictions applied to table renames

A Red Hat advisory reports:

Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked the CREATE/INSERT rights of the old table instead of the new one.

Table access restrictions on the affected MySQL servers may accidentally or intentionally be bypassed due to this bug.


Discovery 2004-03-23
Entry 2004-12-16
Modified 2005-03-15
mysql-server
le 3.23.58_3

ge 4.* lt 4.0.21

CVE-2004-0835
11357
http://bugs.mysql.com/bug.php?id=3270
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://xforce.iss.net/xforce/xfdb/17666
a0e92718-6603-11db-ab90-000e35fd8194 mysql -- database "case-sensitive" privilege escalation

Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.


Discovery 2006-08-09
Entry 2006-10-29
mysql-server
ge 5.1 lt 5.1.12

ge 5.0 lt 5.0.25

lt 4.1.21

19559
CVE-2006-4226
http://bugs.mysql.com/bug.php?id=17647
01c231cd-4393-11d9-8bb9-00065be4b5b6 mysql -- GRANT access restriction problem

When a user is granted access to a database with a name containing an underscore and the underscore is not escaped then that user might also be able to access other, similarly named, databases on the affected system.

The problem is that the underscore is seen as a wildcard by MySQL, and therefore it is possible that an admin might accidentally GRANT a user access to multiple databases.


Discovery 2004-03-29
Entry 2004-12-16
Modified 2005-03-15
mysql-server
le 3.23.58_3

ge 4.* lt 4.0.21

CVE-2004-0957
11435
http://bugs.mysql.com/bug.php?id=3933
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.html
619ef337-949a-11d9-b813-00d05964249f mysql-server -- multiple remote vulnerabilities

SecurityFocus reports:

MySQL is reported prone to an insecure temporary file creation vulnerability.

Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process.

MySQL is reported prone to an input validation vulnerability that can be exploited by remote users that have INSERT and DELETE privileges on the 'mysql' administrative database.

Reports indicate that this issue may be leveraged to load and execute a malicious library in the context of the MySQL process.

Finally, MySQL is reported prone to a remote arbitrary code execution vulnerability. It is reported that the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions in order to control sensitive data structures.

This issue may be exploited to execute arbitrary code in the context of the database process.


Discovery 2005-03-11
Entry 2005-03-14
mysql-server
ge 4.0.0 lt 4.0.24

ge 4.1.0 lt 4.1.10a

12781
CVE-2005-0709
CVE-2005-0710
CVE-2005-0711