GLSA-200410-22 : MySQL: Multiple vulnerabilities

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200410-22
(MySQL: Multiple vulnerabilities)

The following vulnerabilities were found and fixed in MySQL:
Oleksandr Byelkin found that ALTER TABLE ... RENAME checks the CREATE/INSERT
rights of the old table instead of the new one (CAN-2004-0835). Another
privilege checking bug allowed users to grant rights on a database they had
no rights on.
Dean Ellis found a defect where multiple threads ALTERing the MERGE tables
to change the UNION could cause the server to crash (CAN-2004-0837).
Another crash was found in MATCH ... AGAINST() queries with a missing closing
double quote.
Finally, a buffer overrun in the mysql_real_connect function was found by
Lukasz Wojtow (CAN-2004-0836).

Impact :

The privilege checking issues could be used by remote users to bypass their
rights on databases. The two crash issues could be exploited by a remote
user to perform a Denial of Service attack on the MySQL server. The buffer
overrun issue could also be exploited as a Denial of Service attack, and
may allow execution of arbitrary code with the rights of the MySQL daemon
(typically, the 'mysql' user).

Workaround :

There is no known workaround at this time.

See also :

http://bugs.mysql.com/bug.php?id=3933
http://bugs.mysql.com/bug.php?id=3870
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml

Solution :

All MySQL users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=dev-db/mysql-4.0.21'
# emerge '>=dev-db/mysql-4.0.21'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 15558 (gentoo_GLSA-200410-22.nasl)

CVE ID: CVE-2004-0835
CVE-2004-0836
CVE-2004-0837