Mandriva Linux Security Advisory : mysql (MDVSA-2009:326)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Multiple vulnerabilities has been found and corrected in mysql :

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does
not properly handle a b'' (b single-quote single-quote) token, aka an
empty bit-string literal, which allows remote attackers to cause a
denial of service (daemon crash) by using this token in a SQL
statement (CVE-2008-3963).

MySQL before 5.0.67 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally
associated with pathnames without symlinks, and that can point to
tables created at a future time at which a pathname is modified to
contain a symlink to a subdirectory of the MySQL home data directory.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2008-4097 (CVE-2008-4098).

Cross-site scripting (XSS) vulnerability in the command-line client in
MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows
attackers to inject arbitrary web script or HTML by placing it in a
database cell, which might be accessed by this client when composing
an HTML document (CVE-2008-4456).

Multiple format string vulnerabilities in the dispatch_command
function in libmysqld/ in mysqld in MySQL 4.0.0 through
5.0.83 allow remote authenticated users to cause a denial of service
(daemon crash) and possibly have unspecified other impact via format
string specifiers in a database name in a (1) COM_CREATE_DB or (2)
COM_DROP_DB request. NOTE: some of these details are obtained from
third-party information (CVE-2009-2446).

Packages for 2008.0 are provided for Corporate Desktop 2008.0

This update provides fixes for this vulnerability.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.0
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 43045 (mandriva_MDVSA-2009-326.nasl)

Bugtraq ID: 29106

CVE ID: CVE-2008-3963

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now