Mandriva Linux Security Advisory : mysql (MDVSA-2009:094)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been found and corrected in mysql :

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does
not properly handle a b'' (b single-quote single-quote) token, aka an
empty bit-string literal, which allows remote attackers to cause a
denial of service (daemon crash) by using this token in a SQL
statement (CVE-2008-3963).

MySQL 5.0.51a allows local users to bypass certain privilege checks by
calling CREATE TABLE on a MyISAM table with modified (1) DATA
DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with
symlinks within pathnames for subdirectories of the MySQL home data
directory, which are followed when tables are created in the future.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2008-2079 (CVE-2008-4097).

MySQL before 5.0.67 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally
associated with pathnames without symlinks, and that can point to
tables created at a future time at which a pathname is modified to
contain a symlink to a subdirectory of the MySQL home data directory.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2008-4097 (CVE-2008-4098).
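
A defender-side audit for the two symlink issues above (CVE-2008-4097 and CVE-2008-4098), added here as an example; it is not code from the advisory, the Nessus plugin or MySQL. It resolves a DATA DIRECTORY / INDEX DIRECTORY pathname and reports whether it lands inside the data directory, before and after the pathname gains a symlink. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile


def resolves_into_datadir(candidate, datadir):
    """True if candidate, with every symlink resolved, is datadir or lies below it."""
    real_candidate = os.path.realpath(candidate)
    real_datadir = os.path.realpath(datadir)
    return os.path.commonpath([real_candidate, real_datadir]) == real_datadir


def symlinked_components(candidate):
    """Return each component of candidate's pathname that is itself a symlink."""
    found = []
    path = os.path.abspath(candidate)
    while True:
        if os.path.islink(path):
            found.append(path)
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            break
        path = parent
    return found[::-1]


def demo():
    # Constructed layout in a temp dir (assumption, not a real MySQL install).
    root = os.path.realpath(tempfile.mkdtemp())
    datadir = os.path.join(root, "datadir")
    os.makedirs(os.path.join(datadir, "otherdb"))
    target = os.path.join(root, "scratch", "tables")
    os.makedirs(target)

    # Check made while the pathname contains no symlink (the CVE-2008-4098 starting state).
    before = resolves_into_datadir(target, datadir)

    # The pathname is later modified to contain a symlink into the data directory.
    os.rmdir(target)
    os.symlink(os.path.join(datadir, "otherdb"), target)
    after = resolves_into_datadir(target, datadir)

    return {"before": before, "after": after,
            "links": symlinked_components(target), "target": target}


if __name__ == "__main__":
    print(demo())
```

The same pathname passes the check first and fails it later, so an audit of table directories has to be repeated over time rather than run once when the table is defined.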

Cross-site scripting (XSS) vulnerability in the command-line client in
MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows
attackers to inject arbitrary web script or HTML by placing it in a
database cell, which might be accessed by this client when composing
an HTML document (CVE-2008-4456).

Bugs in the Mandriva Linux 2008.1 packages that have been fixed :

o upstream fix for mysql bug35754 (#38398, #44691)
o fix #46116 (initialization file mysqld-max doesn't show correct application status)
o fix upstream bug 42366

Bugs in the Mandriva Linux 2009.0 packages that have been fixed :

o upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097, CVE-2008-4098)
o no need to workaround #38398, #44691 anymore (since 5.0.75)
o fix upstream bug 42366
o fix #46116 (initialization file mysqld-max doesn't show correct application status)
o sphinx-0.9.8.1

Bugs in the Mandriva Linux Corporate Server 4 packages that have been fixed :

o fix upstream bug 42366
o fix #46116 (initialization file mysqld-max doesn't show correct application status)

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36943 (mandriva_MDVSA-2009-094.nasl)

Bugtraq ID: 29106
31081
31486

CVE ID: CVE-2008-3963
CVE-2008-4097
CVE-2008-4098
CVE-2008-4456
