Mandrake Linux Security Advisory : MySQL (MDKSA-2004:119)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.

Synopsis :

The remote Mandrake Linux host is missing one or more security

Description :

A number of problems have been discovered in the MySQL database
server :

Jeroen van Wolffelaar discovered an insecure temporary file
vulnerability in the mysqlhotcopy script when using the scp method

Oleksandr Byelkin discovered that the 'ALTER TABLE ... RENAME' would
check the CREATE/INSERT rights of the old table rather than the new
one (CVE-2004-0835).

Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect
function (CVE-2004-0836).

Dean Ellis discovered that multiple threads ALTERing the same (or
different) MERGE tables to change the UNION can cause the server to
crash or stall (CVE-2004-0837).

The updated MySQL packages have been patched to protect against these

See also :

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Mandriva Local Security Checks

Nessus Plugin ID: 15599 (mandrake_MDKSA-2004-119.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0457

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now