MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MySQL Community Server 5.1 installed on the remote host
is earlier than 5.1.46 and thus potentially affected by the following
vulnerabilities :

- A local user may be able to issue a 'DROP TABLE' command
for one MyISAM table and remove the data and index files
of a different MyISAM table. (Bug #40980)

- The application does not correct check privileges in
calls to 'UNINSTALL PLUGIN', which could be abused by
an unprivileged user to uninstall plugins loaded
dynamically. (Bug #51770)

See also :

http://bugs.mysql.com/bug.php?id=40980
http://bugs.mysql.com/bug.php?id=51770
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html

Solution :

Upgrade to MySQL Community Server 5.1.46 or later.

Risk factor :

Low / CVSS Base Score : 3.6
(CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:P)
CVSS Temporal Score : 3.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 46328 ()

Bugtraq ID: 39543
40257

CVE ID: CVE-2010-1621
CVE-2010-1626