FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a0e92718-6603-11db-ab90-000e35fd8194mysql -- database "case-sensitive" privilege escalation

Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

Discovery 2006-08-09
Entry 2006-10-29
ge 5.1 lt 5.1.12

ge 5.0 lt 5.0.25

lt 4.1.21

eeae6cce-d05c-11d9-9aed-000e0c2e438amysql-server -- insecure temporary file creation

A Zataz advisory reports that MySQL contains a security flaw which could allow a malicious local user to inject arbitrary SQL commands during the initial database creation process.

The problem lies in the mysql_install_db script which creates temporary files based on the PID used by the script.

Discovery 2005-05-07
Entry 2005-07-09
gt 4.1 lt 4.1.12

gt 5.0 lt 5.0.6

7f8cecea-f199-11da-8422-00123ffe8333MySQL -- SQL-injection security vulnerability

MySQL reports:

An SQL-injection security hole has been found in multibyte encoding processing. An SQL-injection security hole can include a situation whereby when inserting user supplied data into a database, the user might inject his own SQL statements that the server will execute. With regards to this vulnerability discovered, when character set unaware escaping is used (e.g., addslashes() in PHP), it is possible to bypass it in some multibyte character sets (e.g., SJIS, BIG5 and GBK). As a result, a function like addslashes() is not able to prevent SQL injection attacks. It is impossible to fix this on the server side. The best solution is for applications to use character set aware escaping offered in a function like mysql_real_escape().


One can use NO_BACKSLASH_ESCAPES mode as a workaround for a bug in mysql_real_escape_string(), if you cannot upgrade your server for some reason. It will enable SQL standard compatibility mode, where backslash is not considered a special character.

Discovery 2006-05-31
Entry 2006-06-01
ge 5.1 le 5.1.9

ge 5.0 lt 5.0.22

ge 4.1 lt 4.1.20
388d9ee4-7f22-11dd-a66a-0019666436c2mysql -- MyISAM table privileges security bypass vulnerability

SecurityFocus reports:

MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to overwrite existing table files in the MySQL data directory, bypassing certain security restrictions.

Discovery 2008-05-05
Entry 2008-09-10
Modified 2008-10-10
ge 6.0 lt 6.0.5

ge 5.1 lt 5.1.24

ge 5.0 lt 5.0.67

ge 4.1 lt 4.1.22_1

bb4e9a44-dff2-11dd-a765-0030843d3802mysql -- renaming of arbitrary tables by authenticated users

MySQL reports:

The requirement of the DROP privilege for RENAME TABLE was not enforced.

Discovery 2007-05-14
Entry 2009-01-11
ge 4.1 lt 4.1.23

ge 5.0 lt 5.0.42

ge 5.1 lt 5.1.18

8c451386-dff3-11dd-a765-0030843d3802mysql -- privilege escalation and overwrite of the system table information

MySQL reports:

Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points.

Discovery 2007-11-14
Entry 2009-01-11
ge 4.1 lt 4.1.24

ge 5.0 lt 5.0.51

ge 5.1 lt 5.1.23

ge 6.0 lt 6.0.4

66a770b4-e008-11dd-a765-0030843d3802mysql -- empty bit-string literal denial of service

MySQL reports:

The vulnerability is caused due to an error when processing an empty bit-string literal and can be exploited to crash the server via a specially crafted SQL statement.

Discovery 2008-09-11
Entry 2009-01-11
ge 5.0 lt 5.0.66

ge 5.1 lt 5.1.26

ge 6.0 lt 6.0.6

240ac24c-dff3-11dd-a765-0030843d3802mysql -- remote dos via malformed password packet

MySQL reports:

A malformed password packet in the connection protocol could cause the server to crash.

Discovery 2007-07-15
Entry 2009-01-11
ge 4.1 lt 4.1.24

ge 5.0 lt 5.0.44

ge 5.1 lt 5.1.20

738f8f9e-d661-11dd-a765-0030843d3802mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths

MySQL Team reports:

Additional corrections were made for the symlink-related privilege problem originally addressed. The original fix did not correctly handle the data directory pathname if it contained symlinked directories in its path, and the check was made only at table-creation time, not at table-opening time later.

Discovery 2008-07-03
Entry 2008-12-30
ge 4.1 lt 4.1.25

ge 5.0 lt 5.0.75

ge 5.1 lt 5.1.28

ge 6.0 lt 6.0.6

a9c51caf-6603-11db-ab90-000e35fd8194mysql -- database suid privilege escalation

Dmitri Lenev reports a privilege escalation in MySQL. MySQL evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote and local authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

Discovery 2006-03-29
Entry 2006-10-29
Modified 2006-10-30
ge 5.1 lt 5.1.12

ge 5.0 lt 5.0.25

fcb90eb0-2ace-11db-a6e2-000e0c2e438amysql -- format string vulnerability

Jean-David Maillefer reports a Denial of Service vulnerability within MySQL. The vulnerability is caused by improper checking of the data_format routine, which cause the MySQL server to crash. The crash is triggered by the following code:

"SELECT date_format('%d%s', 1);

Discovery 2006-06-27
Entry 2006-08-13
ge 5.1 lt 5.1.6

ge 5.0 lt 5.0.19

ge 4.1 lt 4.1.18

a8d8713e-dc83-11da-a22b-000c6ec775d9mysql50-server -- COM_TABLE_DUMP arbitrary code execution

Stefano Di Paola reports:

An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow.

To take advantage of these flaws an attacker should have direct access to MySQL server communication layer (port 3306 or unix socket). But if used in conjuction with some web application flaws (i.e. php code injection) an attacker could use socket programming (i.e. php sockets) to gain access to that layer.

Discovery 2006-05-02
Entry 2006-05-06
gt 5.0 lt 5.0.21