This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities have been found and corrected in mysql:
The server failed to check the table name argument of a COM_FIELD_LIST
command packet for validity and compliance to acceptable table name
standards. This could be exploited to bypass almost all forms of
checks for privileges and table-level grants by providing a specially
crafted table name argument to COM_FIELD_LIST (CVE-2010-1848).
The server could be tricked into reading packets indefinitely if it
received a packet larger than the maximum size of one packet
The server was susceptible to a buffer-overflow attack due to a
failure to perform bounds checking on the table name argument of a
COM_FIELD_LIST command packet. Sending overly long data for the table
name overflows a buffer, which could be exploited by an
authenticated user to inject malicious code (CVE-2010-1850).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct these issues.
See also :
Update the affected packages.
Risk factor: Medium / CVSS Base Score: 6.5
CVSS Temporal Score: 5.1
Public Exploit Available: true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 46726 (mandriva_MDVSA-2010-107.nasl)