GLSA-200410-22 : MySQL: Multiple vulnerabilities

critical Nessus Plugin ID 15558

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200410-22 (MySQL: Multiple vulnerabilities)

The following vulnerabilities were found and fixed in MySQL:
Oleksandr Byelkin found that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one (CAN-2004-0835). Another privilege checking bug allowed users to grant rights on a database they had no rights on.
Dean Ellis found a defect where multiple threads ALTERing the MERGE tables to change the UNION could cause the server to crash (CAN-2004-0837).
Another crash was found in MATCH ... AGAINST() queries with missing closing double quote.
Finally, a buffer overrun in the mysql_real_connect function was found by Lukasz Wojtow (CAN-2004-0836).
Impact :

The privilege checking issues could be used by remote users to bypass their rights on databases. The two crashes issues could be exploited by a remote user to perform a Denial of Service attack on MySQL server. The buffer overrun issue could also be exploited as a Denial of Service attack, and may allow to execute arbitrary code with the rights of the MySQL daemon (typically, the 'mysql' user).
Workaround :

There is no known workaround at this time.

Solution

All MySQL users should upgrade to the latest version:
# emerge sync # emerge -pv '>=dev-db/mysql-4.0.21' # emerge '>=dev-db/mysql-4.0.21'

See Also

https://bugs.mysql.com/bug.php?id=3933

https://bugs.mysql.com/bug.php?id=3870

https://security.gentoo.org/glsa/200410-22

Plugin Details

Severity: Critical

ID: 15558

File Name: gentoo_GLSA-200410-22.nasl

Version: 1.18

Type: local

Published: 10/25/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:mysql, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 10/24/2004

Reference Information

CVE: CVE-2004-0835, CVE-2004-0836, CVE-2004-0837

CWE: 119

GLSA: 200410-22