Mandriva Linux Security Advisory : mysql (MDVSA-2010:155-1)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Multiple vulnerabilities has been found and corrected in mysql :

MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash and
database loss) via an ALTER DATABASE command with a #mysql50# string
followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar
sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes
MySQL to move certain directories to the server data directory

Additionally many security issues noted in the 5.1.49 release notes
has been addressed with this advisory as well, such as :

- LOAD DATA INFILE did not check for SQL errors and sent
an OK packet even when errors were already reported.
Also, an assert related to client-server protocol
checking in debug servers sometimes was raised when it
should not have been. (Bug#52512) (CVE-2010-3683)

- Using EXPLAIN with queries of the form SELECT ... UNION
... ORDER BY (SELECT ... WHERE ...) could cause a server
crash. (Bug#52711) (CVE-2010-3682)

- The server could crash if there were alternate reads
from two indexes on a table using the HANDLER interface.
(Bug#54007) (CVE-2010-3681)

- A malformed argument to the BINLOG statement could
result in Valgrind warnings or a server crash.
(Bug#54393) (CVE-2010-3679)

- Incorrect handling of NULL arguments could lead to a
crash for IN() or CASE operations when NULL arguments
were either passed explicitly as arguments (for IN()) or
implicitly generated by the WITH ROLLUP modifier (for
IN() and CASE). (Bug#54477) (CVE-2010-3678)

- Joins involving a table with with a unique SET column
could cause a server crash. (Bug#54575) (CVE-2010-3677)

- Use of TEMPORARY InnoDB tables with nullable columns
could cause a server crash. (Bug#54044) (CVE-2010-3680)

The updated packages have been patched to correct these issues.

Update :

Packages for 2009.1 was not provided with the MDVSA-2010:155 advisory.
This advisory provides the missing packages.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.3
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 48399 (mandriva_MDVSA-2010-155.nasl)

Bugtraq ID: 41198

CVE ID: CVE-2010-2008

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now