Ubuntu Update For Mysql-dfsg-5.0 Vulnerabilities USN-671-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-671-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098) It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service. (CVE-2008-3963)

Affected

mysql-dfsg-5.0 vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 7.10 , Ubuntu 8.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-November/000778.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098

CVSS	Base Score: 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1

Take action and discover your vulnerabilities