Mandriva Linux Security Advisory : mysql (MDVSA-2010:155-1)

medium Nessus Plugin ID 48399

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities have been found and corrected in mysql :

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory (CVE-2010-2008).

Additionally, many security issues noted in the 5.1.49 release notes have been addressed with this advisory as well, such as :

- LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client-server protocol checking in debug servers was sometimes raised when it should not have been. (Bug#52512) (CVE-2010-3683)

- Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711) (CVE-2010-3682)

- The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)

- A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug#54393) (CVE-2010-3679)

- Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)

- Joins involving a table with a unique SET column could cause a server crash. (Bug#54575) (CVE-2010-3677)

- Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. (Bug#54044) (CVE-2010-3680)

The updated packages have been patched to correct these issues.

Update :

Packages for 2009.1 were not provided with the MDVSA-2010:155 advisory. This advisory provides the missing packages.

Solution

Update the affected packages.

See Also

https://bugs.mysql.com/bug.php?id=52512

https://bugs.mysql.com/bug.php?id=52711

https://bugs.mysql.com/bug.php?id=54007

https://bugs.mysql.com/bug.php?id=54044

https://bugs.mysql.com/bug.php?id=54393

https://bugs.mysql.com/bug.php?id=54477

https://bugs.mysql.com/bug.php?id=54575

Plugin Details

Severity: Medium

ID: 48399

File Name: mandriva_MDVSA-2010-155.nasl

Version: 1.14

Type: local

Published: 8/23/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64mysql-devel, p-cpe:/a:mandriva:linux:lib64mysql-static-devel, p-cpe:/a:mandriva:linux:lib64mysql16, p-cpe:/a:mandriva:linux:libmysql-devel, p-cpe:/a:mandriva:linux:libmysql-static-devel, p-cpe:/a:mandriva:linux:libmysql16, p-cpe:/a:mandriva:linux:mysql, p-cpe:/a:mandriva:linux:mysql-bench, p-cpe:/a:mandriva:linux:mysql-client, p-cpe:/a:mandriva:linux:mysql-common, p-cpe:/a:mandriva:linux:mysql-doc, p-cpe:/a:mandriva:linux:mysql-max, p-cpe:/a:mandriva:linux:mysql-ndb-extra, p-cpe:/a:mandriva:linux:mysql-ndb-management, p-cpe:/a:mandriva:linux:mysql-ndb-storage, p-cpe:/a:mandriva:linux:mysql-ndb-tools, cpe:/o:mandriva:linux:2009.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2010

Reference Information

CVE: CVE-2010-2008, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683

BID: 41198, 42596, 42598, 42599, 42625, 42633, 42638, 42646

MDVSA: 2010:155-1