FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517944
Date:      2019-11-19
Time:      08:25:04Z
Committer: joneum

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
eeae6cce-d05c-11d9-9aed-000e0c2e438a | mysql-server -- insecure temporary file creation

A Zataz advisory reports that MySQL contains a security flaw which could allow a malicious local user to inject arbitrary SQL commands during the initial database creation process.

The problem lies in the mysql_install_db script which creates temporary files based on the PID used by the script.


Discovery 2005-05-07
Entry 2005-07-09
mysql-server
gt 4.1 lt 4.1.12

gt 5.0 lt 5.0.6

13660
CVE-2005-1636
http://www.zataz.net/adviso/mysql-05172005.txt
bb4e9a44-dff2-11dd-a765-0030843d3802 | mysql -- renaming of arbitrary tables by authenticated users

MySQL reports:

The requirement of the DROP privilege for RENAME TABLE was not enforced.


Discovery 2007-05-14
Entry 2009-01-11
mysql-server
ge 4.1 lt 4.1.23

ge 5.0 lt 5.0.42

ge 5.1 lt 5.1.18

CVE-2007-2691
24016
http://bugs.mysql.com/bug.php?id=27515
fcb90eb0-2ace-11db-a6e2-000e0c2e438a | mysql -- format string vulnerability

Jean-David Maillefer reports a Denial of Service vulnerability within MySQL. The vulnerability is caused by improper checking of the date_format routine, which causes the MySQL server to crash. The crash is triggered by the following code:

SELECT date_format('%d%s', 1);


Discovery 2006-06-27
Entry 2006-08-13
mysql-server
ge 5.1 lt 5.1.6

ge 5.0 lt 5.0.19

ge 4.1 lt 4.1.18

19032
CVE-2006-3469
http://bugs.mysql.com/bug.php?id=20729
738f8f9e-d661-11dd-a765-0030843d3802 | mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths

MySQL Team reports:

Additional corrections were made for the symlink-related privilege problem originally addressed. The original fix did not correctly handle the data directory pathname if it contained symlinked directories in its path, and the check was made only at table-creation time, not at table-opening time later.


Discovery 2008-07-03
Entry 2008-12-30
mysql-server
ge 4.1 lt 4.1.25

ge 5.0 lt 5.0.75

ge 5.1 lt 5.1.28

ge 6.0 lt 6.0.6

CVE-2008-2079
CVE-2008-4097
CVE-2008-4098
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
619ef337-949a-11d9-b813-00d05964249f | mysql-server -- multiple remote vulnerabilities

SecurityFocus reports:

MySQL is reported prone to an insecure temporary file creation vulnerability.

Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process.

MySQL is reported prone to an input validation vulnerability that can be exploited by remote users that have INSERT and DELETE privileges on the 'mysql' administrative database.

Reports indicate that this issue may be leveraged to load and execute a malicious library in the context of the MySQL process.

Finally, MySQL is reported prone to a remote arbitrary code execution vulnerability. It is reported that the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions in order to control sensitive data structures.

This issue may be exploited to execute arbitrary code in the context of the database process.


Discovery 2005-03-11
Entry 2005-03-14
mysql-server
ge 4.0.0 lt 4.0.24

ge 4.1.0 lt 4.1.10a

12781
CVE-2005-0709
CVE-2005-0710
CVE-2005-0711
388d9ee4-7f22-11dd-a66a-0019666436c2 | mysql -- MyISAM table privileges security bypass vulnerability

SecurityFocus reports:

MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to overwrite existing table files in the MySQL data directory, bypassing certain security restrictions.


Discovery 2008-05-05
Entry 2008-09-10
Modified 2008-10-10
mysql-server
ge 6.0 lt 6.0.5

ge 5.1 lt 5.1.24

ge 5.0 lt 5.0.67

ge 4.1 lt 4.1.22_1

29106
CVE-2008-2079
06a6b2cf-484b-11d9-813c-00065be4b5b6 | mysql -- ALTER MERGE denial of service vulnerability

Dean Ellis reported a denial of service vulnerability in the MySQL server:

Multiple threads ALTERing the same (or different) MERGE tables to change the UNION eventually crash the server or hang the individual threads.

Note that a script demonstrating the problem is included in the MySQL bug report. Attackers that have control of a MySQL account can easily use a modified version of that script during an attack.


Discovery 2004-01-15
Entry 2004-12-16
Modified 2005-03-15
mysql-server
le 3.23.58_3

ge 4.* lt 4.0.21

ge 4.1.* lt 4.1.1

CVE-2004-0837
11357
http://bugs.mysql.com/bug.php?id=2408
http://rhn.redhat.com/errata/RHSA-2004-611.html
8c451386-dff3-11dd-a765-0030843d3802 | mysql -- privilege escalation and overwrite of the system table information

MySQL reports:

Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the file to which the symlink points.


Discovery 2007-11-14
Entry 2009-01-11
mysql-server
ge 4.1 lt 4.1.24

ge 5.0 lt 5.0.51

ge 5.1 lt 5.1.23

ge 6.0 lt 6.0.4

CVE-2007-5969
26765
http://bugs.mysql.com/bug.php?id=32111
77420ebb-0cf4-11d9-8a8a-000c41e2cdad | mysql -- heap buffer overflow with prepared statements

There is a buffer overflow in the prepared statements API (libmysqlclient) when a statement containing thousands of placeholders is executed.


Discovery 2004-09-08
Entry 2004-09-23
mysql-server
mysql-client
ge 4.1.0 le 4.1.4

http://bugs.mysql.com/bug.php?id=5194
http://dev.mysql.com/doc/mysql/en/News-4.1.5.html
http://mysql.bkbits.net:8080/mysql-4.1/cset@1.1932.152.4
7f8cecea-f199-11da-8422-00123ffe8333 | MySQL -- SQL-injection security vulnerability

MySQL reports:

An SQL-injection security hole has been found in multibyte encoding processing. An SQL-injection security hole can include a situation whereby when inserting user supplied data into a database, the user might inject his own SQL statements that the server will execute. With regards to this vulnerability discovered, when character set unaware escaping is used (e.g., addslashes() in PHP), it is possible to bypass it in some multibyte character sets (e.g., SJIS, BIG5 and GBK). As a result, a function like addslashes() is not able to prevent SQL injection attacks. It is impossible to fix this on the server side. The best solution is for applications to use character set aware escaping offered in a function like mysql_real_escape().

Workarounds:

One can use NO_BACKSLASH_ESCAPES mode as a workaround for a bug in mysql_real_escape_string(), if you cannot upgrade your server for some reason. It will enable SQL standard compatibility mode, where backslash is not considered a special character.


Discovery 2006-05-31
Entry 2006-06-01
mysql-server
ge 5.1 le 5.1.9

ge 5.0 lt 5.0.22

ge 4.1 lt 4.1.20

http://lists.mysql.com/announce/364
http://lists.mysql.com/announce/365
240ac24c-dff3-11dd-a765-0030843d3802 | mysql -- remote dos via malformed password packet

MySQL reports:

A malformed password packet in the connection protocol could cause the server to crash.


Discovery 2007-07-15
Entry 2009-01-11
mysql-server
ge 4.1 lt 4.1.24

ge 5.0 lt 5.0.44

ge 5.1 lt 5.1.20

CVE-2007-3780
25017
http://bugs.mysql.com/bug.php?id=28984
4913886c-e875-11da-b9f4-00123ffe8333 | MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities

Secunia reports:

MySQL has some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.

1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP packet can be exploited by an authenticated client to disclose certain memory content of the server process.

2) A boundary error within the handling of specially crafted invalid COM_TABLE_DUMP packets can be exploited by an authenticated client to cause a buffer overflow and allow arbitrary code execution.

3) An error within the handling of malformed login packets can be exploited to disclose certain memory content of the server process in the error messages.


Discovery 2006-05-02
Entry 2006-06-01
mysql-server
gt 4.0 lt 4.0.27

gt 4.1 lt 4.1.19

gt 5.1 le 5.1.9

CVE-2006-1516
CVE-2006-1517
CVE-2006-1518
602457
http://www.wisec.it/vulns.php?page=7
http://www.wisec.it/vulns.php?page=8
http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
http://secunia.com/advisories/19929/
http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html
a0e92718-6603-11db-ab90-000e35fd8194 | mysql -- database "case-sensitive" privilege escalation

Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.


Discovery 2006-08-09
Entry 2006-10-29
mysql-server
ge 5.1 lt 5.1.12

ge 5.0 lt 5.0.25

lt 4.1.21

19559
CVE-2006-4226
http://bugs.mysql.com/bug.php?id=17647
e5e2883d-ceb9-11d8-8898-000d6111a684 | MySQL authentication bypass / buffer overflow

By submitting a carefully crafted authentication packet, it is possible for an attacker to bypass password authentication in MySQL 4.1. Using a similar method, a stack buffer used in the authentication mechanism can be overflowed.


Discovery 2004-07-01
Entry 2004-07-05
Modified 2004-08-28
mysql-server
ge 4.1 lt 4.1.3

ge 5 le 5.0.0_2

CVE-2004-0627
CVE-2004-0628
184030
645326
http://www.nextgenss.com/advisories/mysql-authbypass.txt
http://dev.mysql.com/doc/mysql/en/News-4.1.3.html
http://secunia.com/advisories/12020
http://www.osvdb.org/7475
http://www.osvdb.org/7476
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html