SuSE 10 Security Update : MySQL (ZYPP Patch Number 5338)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

The database server mySQL was updated to fix two security problems :

- MySQL allowed local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with
modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY
arguments that are within the MySQL home data directory,
which can point to tables that are created in the
future. (CVE-2008-2079)

- sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x
before 5.1.14 allows remote authenticated users to cause
a denial of service (crash) via an EXPLAIN SELECT FROM
on the INFORMATION_SCHEMA table, as originally
demonstrated using ORDER BY. (CVE-2006-7232)

See also :

http://support.novell.com/security/cve/CVE-2006-7232.html
http://support.novell.com/security/cve/CVE-2008-2079.html

Solution :

Apply ZYPP patch number 5338.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 33886 ()

Bugtraq ID:

CVE ID: CVE-2006-7232
CVE-2008-2079

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now