FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
738f8f9e-d661-11dd-a765-0030843d3802mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths

MySQL Team reports:

Additional corrections were made for the symlink-related privilege problem originally addressed. The original fix did not correctly handle the data directory pathname if it contained symlinked directories in its path, and the check was made only at table-creation time, not at table-opening time later.


Discovery 2008-07-03
Entry 2008-12-30
mysql-server
ge 4.1 lt 4.1.25

ge 5.0 lt 5.0.75

ge 5.1 lt 5.1.28

ge 6.0 lt 6.0.6

CVE-2008-2079
CVE-2008-4097
CVE-2008-4098
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
8c451386-dff3-11dd-a765-0030843d3802mysql -- privilege escalation and overwrite of the system table information

MySQL reports:

Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points.


Discovery 2007-11-14
Entry 2009-01-11
mysql-server
ge 4.1 lt 4.1.24

ge 5.0 lt 5.0.51

ge 5.1 lt 5.1.23

ge 6.0 lt 6.0.4

CVE-2007-5969
26765
http://bugs.mysql.com/bug.php?id=32111
bb4e9a44-dff2-11dd-a765-0030843d3802mysql -- renaming of arbitrary tables by authenticated users

MySQL reports:

The requirement of the DROP privilege for RENAME TABLE was not enforced.


Discovery 2007-05-14
Entry 2009-01-11
mysql-server
ge 4.1 lt 4.1.23

ge 5.0 lt 5.0.42

ge 5.1 lt 5.1.18

CVE-2007-2691
24016
http://bugs.mysql.com/bug.php?id=27515
240ac24c-dff3-11dd-a765-0030843d3802mysql -- remote dos via malformed password packet

MySQL reports:

A malformed password packet in the connection protocol could cause the server to crash.


Discovery 2007-07-15
Entry 2009-01-11
mysql-server
ge 4.1 lt 4.1.24

ge 5.0 lt 5.0.44

ge 5.1 lt 5.1.20

CVE-2007-3780
25017
http://bugs.mysql.com/bug.php?id=28984
388d9ee4-7f22-11dd-a66a-0019666436c2mysql -- MyISAM table privileges security bypass vulnerability

SecurityFocus reports:

MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to overwrite existing table files in the MySQL data directory, bypassing certain security restrictions.


Discovery 2008-05-05
Entry 2008-09-10
Modified 2008-10-10
mysql-server
ge 6.0 lt 6.0.5

ge 5.1 lt 5.1.24

ge 5.0 lt 5.0.67

ge 4.1 lt 4.1.22_1

29106
CVE-2008-2079