• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: MySQL Privilege Elevation and Security Bypass Vulnerabilities

Severity: HIGH

Description:

MySQL is a freely available SQL database that is available for multiple platforms.

MySQL is prone to these vulnerabilities:

- A privilege-elevation issue. The application incorrectly calculates arguments to the SUID routines in the context of the routines' definer instead of the caller. A user with privileges to call SUID routines may be able to execute certain commands and code with the privileges of the definer, which can lead to privilege escalation.

- A security-bypass issue. A user who has access to a database but who is not granted privileges to create new databases may bypass this restriction using CREATE DATABASE. An attacker can use the name of the database that they have access to, but modify it slightly (such as by using a capital letter in the name) to create a new database. This bypasses the restriction that prevents the user from creating new databases.

MySQL 5.0.24 and prior versions are affected by these issues.

Affected Products:

• Apple Mac OS X Server 10.4.0
• Apple Mac OS X Server 10.4.1
• Apple Mac OS X Server 10.4.2
• Apple Mac OS X Server 10.4.3
• Apple Mac OS X Server 10.4.4
• Apple Mac OS X Server 10.4.5
• Apple Mac OS X Server 10.4.6
• Apple Mac OS X Server 10.4.7
• Apple Mac OS X Server 10.4.8
• Conectiva Linux 10.0.0
• Debian Linux 3.1.0
• Debian Linux 3.1.0 alpha
• Debian Linux 3.1.0 amd64
• Debian Linux 3.1.0 arm
• Debian Linux 3.1.0 hppa
• Debian Linux 3.1.0 ia-32
• Debian Linux 3.1.0 ia-64
• Debian Linux 3.1.0 m68k
• Debian Linux 3.1.0 mips
• Debian Linux 3.1.0 mipsel
• Debian Linux 3.1.0 ppc
• Debian Linux 3.1.0 s/390
• Debian Linux 3.1.0 sparc
• Linux kernel 2.4.19
• Linux kernel 2.4.21
• Linux kernel 2.6.5
• MandrakeSoft Corporate Server 3.0.0
• MandrakeSoft Corporate Server 3.0.0 x86_64
• MandrakeSoft Linux Mandrake 10.0.0
• MandrakeSoft Linux Mandrake 10.0.0 amd64
• MandrakeSoft Linux Mandrake 10.1.0
• MandrakeSoft Linux Mandrake 10.1.0 x86_64
• MandrakeSoft Linux Mandrake 2006.0.0
• MandrakeSoft Linux Mandrake 2006.0.0 x86_64
• MandrakeSoft Linux Mandrake 9.1.0
• MandrakeSoft Linux Mandrake 9.1.0 ppc
• MandrakeSoft Linux Mandrake 9.2.0
• MandrakeSoft Linux Mandrake 9.2.0 amd64
• MySQL AB MySQL 4.0.0.0
• MySQL AB MySQL 4.0.1
• MySQL AB MySQL 4.0.10
• MySQL AB MySQL 4.0.11
• MySQL AB MySQL 4.0.11 -gamma
• MySQL AB MySQL 4.0.12
• MySQL AB MySQL 4.0.13
• MySQL AB MySQL 4.0.14
• MySQL AB MySQL 4.0.15
• MySQL AB MySQL 4.0.17
• MySQL AB MySQL 4.0.18
• MySQL AB MySQL 4.0.2
• MySQL AB MySQL 4.0.20
• MySQL AB MySQL 4.0.21
• MySQL AB MySQL 4.0.23
• MySQL AB MySQL 4.0.24
• MySQL AB MySQL 4.0.25
• MySQL AB MySQL 4.0.26
• MySQL AB MySQL 4.0.27
• MySQL AB MySQL 4.0.3
• MySQL AB MySQL 4.0.4
• MySQL AB MySQL 4.0.5
• MySQL AB MySQL 4.0.5 A
• MySQL AB MySQL 4.0.6
• MySQL AB MySQL 4.0.7
• MySQL AB MySQL 4.0.7 -gamma
• MySQL AB MySQL 4.0.8
• MySQL AB MySQL 4.0.8 -gamma
• MySQL AB MySQL 4.0.9
• MySQL AB MySQL 4.0.9 -gamma
• MySQL AB MySQL 4.1.0 .11
• MySQL AB MySQL 4.1.0-0
• MySQL AB MySQL 4.1.0.0-alpha
• MySQL AB MySQL 4.1.10a
• MySQL AB MySQL 4.1.11
• MySQL AB MySQL 4.1.11a
• MySQL AB MySQL 4.1.12
• MySQL AB MySQL 4.1.13
• MySQL AB MySQL 4.1.15
• MySQL AB MySQL 4.1.16
• MySQL AB MySQL 4.1.18
• MySQL AB MySQL 4.1.19
• MySQL AB MySQL 4.1.2 -alpha
• MySQL AB MySQL 4.1.20
• MySQL AB MySQL 4.1.21
• MySQL AB MySQL 4.1.3 -0
• MySQL AB MySQL 4.1.3 -beta
• MySQL AB MySQL 4.1.3 -beta
• MySQL AB MySQL 4.1.4
• MySQL AB MySQL 4.1.5
• MySQL AB MySQL 4.1.7
• MySQL AB MySQL 5.0.0 .0-0
• MySQL AB MySQL 5.0.0 .0-alpha
• MySQL AB MySQL 5.0.1
• MySQL AB MySQL 5.0.18
• MySQL AB MySQL 5.0.19
• MySQL AB MySQL 5.0.2
• MySQL AB MySQL 5.0.20
• MySQL AB MySQL 5.0.21
• MySQL AB MySQL 5.0.22 -1-0.1
• MySQL AB MySQL 5.0.24
• MySQL AB MySQL 5.0.3
• MySQL AB MySQL 5.0.4
• MySQL AB MySQL 5.1.10
• MySQL AB MySQL 5.1.5
• MySQL AB MySQL 5.1.6
• MySQL AB MySQL 5.1.9
• OpenPKG OpenPKG 1.3.0
• OpenPKG OpenPKG Current
• RedHat Desktop 4.0.0
• RedHat Enterprise Linux 5 server
• RedHat Enterprise Linux AS 4
• RedHat Enterprise Linux Desktop 5 client
• RedHat Enterprise Linux Desktop Workstation 5 client
• RedHat Enterprise Linux ES 4
• RedHat Enterprise Linux WS 4
• S.u.S.E. Linux Connectivity Server
• S.u.S.E. Linux Database Server
• S.u.S.E. Linux Desktop 1.0.0
• S.u.S.E. Linux Desktop 10
• S.u.S.E. Linux Enterprise SDK 10
• S.u.S.E. Linux Enterprise Server 10
• S.u.S.E. Linux Enterprise Server 8
• S.u.S.E. Linux Enterprise Server 9
• S.u.S.E. Linux Enterprise Server SDK 9
• S.u.S.E. Linux Enterprise Server for S/390
• S.u.S.E. Linux Enterprise Server for S/390 9.0.0
• S.u.S.E. Linux Office Server
• S.u.S.E. Linux Openexchange Server
• S.u.S.E. Linux Personal 10.0.0 OSS
• S.u.S.E. Linux Personal 10.1
• S.u.S.E. Linux Personal 9.1.0
• S.u.S.E. Linux Personal 9.1.0 x86_64
• S.u.S.E. Linux Personal 9.2.0
• S.u.S.E. Linux Personal 9.2.0 x86_64
• S.u.S.E. Linux Personal 9.3.0
• S.u.S.E. Linux Personal 9.3.0 x86_64
• S.u.S.E. Linux Professional 10.0.0
• S.u.S.E. Linux Professional 10.0.0 OSS
• S.u.S.E. Linux Professional 10.1
• S.u.S.E. Linux Professional 9.1.0
• S.u.S.E. Linux Professional 9.1.0 x86_64
• S.u.S.E. Linux Professional 9.2.0
• S.u.S.E. Linux Professional 9.2.0 x86_64
• S.u.S.E. Linux Professional 9.3.0
• S.u.S.E. Linux Professional 9.3.0 x86_64
• S.u.S.E. Novell Linux Desktop 1.0.0
• S.u.S.E. Novell Linux Desktop 9.0.0
• S.u.S.E. Office Server
• S.u.S.E. Open-Enterprise-Server
• S.u.S.E. Open-Enterprise-Server 1
• S.u.S.E. Open-Enterprise-Server 9.0.0
• S.u.S.E. SUSE LINUX Retail Solution 8.0.0
• S.u.S.E. SuSE Linux School Server for i386
• S.u.S.E. SuSE Linux Standard Server 8.0.0
• S.u.S.E. UnitedLinux 1.0.0
• Trustix Secure Linux 2.0.0
• Ubuntu Ubuntu Linux 4.1.0 ia32
• Ubuntu Ubuntu Linux 4.1.0 ia64
• Ubuntu Ubuntu Linux 4.1.0 ppc
• Ubuntu Ubuntu Linux 5.0.0 4 amd64
• Ubuntu Ubuntu Linux 5.0.0 4 i386
• Ubuntu Ubuntu Linux 5.0.0 4 powerpc

References:

• Dmitri Lenev: Bug #18630 Arguments of suid routine calculated in wrong security context
• Michal Prokopiuk: Bug #17647 Trouble with create database
• MySQL: MySQL Home Page
• Red Hat: RHSA-2007:0152-2 mysql security update
• Red Hat: RHSA-2008:0364-9 mysql security and bug fix update

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.