Mandriva Linux Security Advisory : mysql (MDVSA-2010:107)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been found and corrected in mysql :

The server failed to check the table name argument of a COM_FIELD_LIST
command packet for validity and compliance to acceptable table name
standards. This could be exploited to bypass almost all forms of
checks for privileges and table-level grants by providing a specially
crafted table name argument to COM_FIELD_LIST (CVE-2010-1848).

The server could be tricked into reading packets indefinitely if it
received a packet larger than the maximum size of one packet
(CVE-2010-1849).

The server was susceptible to a buffer-overflow attack due to a
failure to perform bounds checking on the table name argument of a
COM_FIELD_LIST command packet. Sending long data for the table name
overflows a buffer, which could be exploited by an authenticated user
to inject malicious code (CVE-2010-1850).

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

See also :

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.1
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 46726 (mandriva_MDVSA-2010-107.nasl)

Bugtraq ID: 40100
40106
40109

CVE ID: CVE-2010-1848
CVE-2010-1849
CVE-2010-1850
