MySQL Community Server < 5.1.51 Multiple Vulnerabilities

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MySQL Community Server installed on the remote host is
earlier than 5.1.51 and is, therefore, potentially affected by
multiple vulnerabilities:

- A privilege escalation vulnerability exists when using
statement-based replication. Version-specific comments
used on a master server running an earlier release
than its slave can allow the MySQL privilege system on
the slave server to be subverted. (49124)

- An authenticated user can crash the MySQL server by
passing improper WKB to the 'PolyFromWKB()' function.
(51875)

- The improper handling of type errors during argument
evaluation in extreme-value functions, e.g., 'LEAST()'
or 'GREATEST()' caused server crashes. (55826)

- The creation of derived tables needing a temporary
grouping table caused server crashes. (55568)

- The re-evaluation of a user-variable assignment
expression after the creation of a temporary table
caused server crashes. (55564)

- The 'convert_tz()' function can be used to crash the
server by setting the timezone argument to an empty
SET column value. (55424)

- The pre-evaluation of 'LIKE' predicates while preparing
a view caused server crashes. (54568)

- The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused
server crashes. (54476)

- The use of an intermediate temporary table and queries
containing calls to 'GREATEST()' or 'LEAST()', having
a list of both numeric and 'LONGBLOB' arguments, caused
server crashes. (54461)

- The use of nested joins in prepared statements or
stored procedures could result in infinite loops.
(53544)

See also :

http://bugs.mysql.com/bug.php?id=49124
http://bugs.mysql.com/bug.php?id=51875
http://bugs.mysql.com/bug.php?id=55826
http://bugs.mysql.com/bug.php?id=55568
http://bugs.mysql.com/bug.php?id=55564
http://bugs.mysql.com/bug.php?id=54568
http://bugs.mysql.com/bug.php?id=54476
http://bugs.mysql.com/bug.php?id=54461
http://bugs.mysql.com/bug.php?id=53544
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html

Solution :

Upgrade to MySQL Community Server 5.1.51 or later.
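
To find the hosts that still need this upgrade, the version strings returned by SELECT VERSION() can be compared against 5.1.51. The following is an added example, not the plugin's own code. The host names and banners are constructed, the plain numeric comparison follows the "earlier than 5.1.51" wording above, and skipping MariaDB banners is an assumption of this example.

```python
import re

# First fixed release named in the Solution section of this page.
FIXED = (5, 1, 51)

# Leading "major.minor.patch" followed by an optional build suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")


def triage(banner):
    """Classify one version string as 'upgrade', 'ok', 'not-applicable' or 'unknown'."""
    m = _VERSION_RE.match(banner.strip())
    if not m:
        return "unknown"
    version = tuple(int(part) for part in m.group(1, 2, 3))
    suffix = m.group(4).lower()
    # MariaDB is a different product with its own numbering; some of its
    # banners start with a MySQL-style "5.5.5-" prefix, so check the suffix
    # before comparing numbers (assumption of this example).
    if "mariadb" in suffix:
        return "not-applicable"
    # Compare as integers: as strings, "5.1.9" would sort after "5.1.51".
    return "upgrade" if version < FIXED else "ok"


def hosts_to_upgrade(inventory):
    """Return the sorted host names whose banner is earlier than FIXED."""
    return sorted(h for h, banner in inventory.items() if triage(banner) == "upgrade")


# Constructed sample inventory (host -> output of SELECT VERSION()).
SAMPLE_INVENTORY = {
    "db01.example": "5.1.50-community-log",
    "db02.example": "5.1.51",
    "db03.example": "5.1.9",
    "db04.example": "5.5.5-10.4.12-MariaDB",
    "db05.example": "connection refused",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:14} {banner:24} {triage(banner)}")
```

Hosts reported as 'unknown' returned no parseable version and need a manual check.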

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true