===================================================================
File: vuln.xml         	Status: Locally Modified

   Working revision:	1.401
   Repository revision:	1.401	/home/pcvs/ports/security/vuxml/vuln.xml,v
   Sticky Tag:		(none)
   Sticky Date:		(none)
   Sticky Options:	(none)

Index: vuln.xml
===================================================================
RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.401
diff -u -r1.401 vuln.xml
--- vuln.xml	14 Dec 2004 17:55:51 -0000	1.401
+++ vuln.xml	14 Dec 2004 19:55:03 -0000
@@ -32,6 +32,235 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+
+   <vuln vid="035d17b2-484a-11d9-813c-00065be4b5b6">
+     <topic>MySQL -- ALTER TABLE .. RENAME access restriction problem</topic>
+     <affects>
+       <package>
+	 <name>mysql40-server</name>
+
+	 <range><lt>4.0.21</lt></range>
+       </package>
+       <package>
+	 <name>mysql323-server</name>
+	 <range><lt>3.23.59</lt></range>
+       </package>
+     </affects>
+
+     <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+	 <p>
+	 Oleksandr Byelkin discovered that "ALTER TABLE .. RENAME" queries
+	 checked the CREATE/INSERT rights of the old table instead of the
+	 new one.  This could allow malicious users to gain unauthorized
+	 access to data stored by an affected MySQL server.
+	 </p>
+       </body>
+     </description>
+     <references>
+	<cvename>CAN-2004-0835</cvename>
+
+	<bid>11357</bid>
+	<url>http://bugs.mysql.com/bug.php?id=3270</url>
+	<url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url>
+     </references>
+     <dates>
+       <discovery>2004-03-23</discovery>
+       <entry>2004-12-14</entry>
+
+     </dates>
+   </vuln>
+
+   <vuln vid="06a6b2cf-484b-11d9-813c-00065be4b5b6">
+     <topic>MySQL -- ALTER MERGE denial of service vulnerability</topic>
+     <affects>
+       <package>
+	 <name>mysql40-server</name>
+
+	 <range><lt>4.0.21</lt></range>
+       </package>
+       <package>
+	 <name>mysql323-server</name>
+	 <range><lt>3.23.59</lt></range>
+       </package>
+       <package>
+
+	 <name>mysql41-server</name>
+	 <range><lt>4.1.1</lt></range>
+       </package>
+     </affects>
+     <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+	 <p>
+	 Dean Ellis reported a denial of service vulnerability in the MySQL server:
+	 </p>
+
+	<blockquote cite="http://bugs.mysql.com/bug.php?id=4017">
+		<p>
+		Multiple threads ALTERing the same (or different) MERGE tables to change the
+		UNION eventually crash the server or hang the individual threads.
+		</p>
+	</blockquote>
+	<p>
+	Note that a script demonstrating the problem is included in the
+	MySQL bug report. Attackers that have control of a MySQL account
+	could easily use a modified version of that script during an attack.
+	</p>
+       </body>
+     </description>
+
+     <references>
+	<cvename>CAN-2004-0837</cvename>
+	<bid>11357</bid>
+	<url>http://bugs.mysql.com/bug.php?id=2408</url>
+	<url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url>
+     </references>
+     <dates>
+
+       <discovery>2004-01-15</discovery>
+       <entry>2004-12-14</entry>
+     </dates>
+   </vuln>
+
+   <vuln vid="29edd807-438d-11d9-8bb9-00065be4b5b6">
+     <topic>MySQL -- FTS request denial of service vulnerability</topic>
+     <affects>
+
+       <package>
+	 <name>mysql40-server</name>
+	 <range><lt>4.0.21</lt></range>
+       </package>
+     </affects>
+     <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+	 <p>
+
+	 A special crafted MySQL FTS query can cause the server to crash.
+	 Malicious MySQL users can abuse this bug in a denial of service
+	 attack against systems running an affected MySQL daemon.
+	 </p>
+	 <p> 
+	 Note that because this bug is related to the parsing of requests
+	 it may happen that this bug is triggered accidently by a user when he
+	 or she makes a typo in an SQL query.
+	 </p>
+       </body>
+     </description>
+     <references>
+       <url>http://bugs.mysql.com/bug.php?id=3870</url>
+       <cvename>CAN-2004-0956</cvename>
+
+       <bid>11432</bid>
+     </references>
+     <dates>
+       <discovery>2004-03-23</discovery>
+       <entry>2004-12-14</entry>
+     </dates>
+   </vuln>
+
+   <vuln vid="01c231cd-4393-11d9-8bb9-00065be4b5b6">
+     <topic>MySQL -- GRANT access restriction problem</topic>
+     <affects>
+       <package>
+	 <name>mysql40-server</name>
+	 <range><lt>4.0.21</lt></range>
+       </package>
+
+     </affects>
+     <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+	 <p>
+	 When a user is granted access to a database with a name containing an
+	 underscore and the underscore is not escaped then that user might
+	 also be able to access other, similarly named, databases on the
+	 affected system.
+	 </p>
+	<p>
+	The problem is that the underscore is seen as a wildcard by MySQL
+	and therefore it is possible that an admin might accidently GRANT
+	a user access to multiple databases.
+	</p>
+       </body>
+
+     </description>
+     <references>
+	<cvename>CAN-2004-0957</cvename>
+	<bid>11435</bid>
+	<url>http://bugs.mysql.com/bug.php?id=3933</url>
+	<url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url>
+	<url>http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.html</url>
+
+     </references>
+     <dates>
+       <discovery>2004-03-29</discovery>
+       <entry>2004-12-14</entry>
+     </dates>
+   </vuln>
+
+   <vuln vid="835256b8-46ed-11d9-8ce0-00065be4b5b6">
+
+     <topic>MySQL -- mysql_real_connect buffer overflow vulnerability</topic>
+     <affects>
+       <package>
+	 <name>mysql40-server</name>
+	 <range><lt>4.0.21</lt></range>
+       </package>
+       <package>
+
+	 <name>mysql40-client</name>
+	 <range><lt>4.0.21</lt></range>
+       </package>
+       <package>
+	 <name>mysql323-client</name>
+	 <range><lt>3.23.59</lt></range>
+       </package>
+
+       <package>
+	 <name>mysql323-server</name>
+	 <range><lt>3.23.59</lt></range>
+       </package>
+     </affects>
+     <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+	 <p>
+
+	 The mysql_real_connect function doesn't properly handle DNS replies
+	 by copying the IP address into a buffer without any length checking.
+	 A specially crafted DNS reply may therefore be used to cause a
+	 buffer overflow on affected systems.
+	 </p>
+	 <p>
+	 Note that whether this issue can be exploitable depends on the system library responsible for
+	 the gethostbyname function. The bug finder, Lukasz Wojtow, explaines this with the following
+	 words:
+	 </p>
+	 <blockquote cite="http://bugs.mysql.com/bug.php?id=4017">
+		<p>
+		In glibc there is a limitation for an IP address to have only 4
+		bytes (obviously), but generally speaking the length of the address
+		comes with a response for dns query (i know it sounds funny but
+		read rfc1035 if you don't believe). This bug can occur on libraries
+		where gethostbyname function takes length from dns's response
+		</p>
+	 </blockquote>
+
+       </body>
+     </description>
+     <references>
+	<cvename>CAN-2004-0836</cvename>
+	<bid>10981</bid>
+	<url>http://bugs.mysql.com/bug.php?id=4017</url>
+	<url>http://lists.mysql.com/internals/14726</url>
+
+	<url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url>
+	<url>http://www.osvdb.org/displayvuln.php?osvdb_id=10658</url>
+     </references>
+     <dates>
+       <discovery>2004-06-04</discovery>
+       <entry>2004-12-14</entry>
+     </dates>
+   </vuln>
+
   <vuln vid="06f142ff-4df3-11d9-a9e7-0001020eed82">
     <topic>wget -- multiple vulnerabilities</topic>
     <affects>