Vulnerability Bulletins |
Privilege escalation in MySQL |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Privilege escalation |
Difficulty | Beginner |
Required attacker level | Remote access with an account |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | MySQL <=3.23.58 |
Description |
|
A vulnerability has been discovered in MySQL version 3.23.58 and earlier. If a user has privileges on a database whose name includes the "_" character, the user can obtain privileges on databases with similar names. This vulnerability could allow a malicious user to perform actions for which they are not, in principle, authorized. |
|
Solution |
|
Software update |
|
Standard resources |
|
Property | Value |
CVE | CAN-2004-0957 |
BID | |
Other resources |
|
Red Hat Security Advisory RHSA-2004:597-06: https://rhn.redhat.com/errata/RHSA-2004-597.html
Red Hat Security Advisory RHSA-2004:611-04: https://rhn.redhat.com/errata/RHSA-2004-611.html
Fedora Update Notification FEDORA-2004-530: http://www.redhat.com/archives/fedora-announce-list/2004-December/msg00047.html
Mandriva Security Advisories MDKSA-2005:070: http://www.mandriva.com/security/advisories?name=MDKSA-2005:070
Debian Security Advisory DSA 707-1: http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00087.html
SCO Security Advisory SCOSA-2005.27: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.27/SCOSA-2005.27.txt |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2004-10-21 |
1.1 | Advisory issued by Red Hat (RHSA-2004:611-04) | 2004-10-28 |
1.2 | Advisory issued by Fedora (FEDORA-2004-530) | 2004-12-09 |
1.3 | Advisory issued by Mandrake (MDKSA-2005:070). Advisory issued by Debian (DSA 707-1). | 2005-04-14 |
1.4 | Advisory issued by SCO (SCOSA-2005.27) | 2005-06-07 |