Mandriva Linux Security Advisory : mysql (MDVSA-2010:155-1)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been found and corrected in mysql :

MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash and
database loss) via an ALTER DATABASE command with a #mysql50# string
followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar
sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes
MySQL to move certain directories to the server data directory
(CVE-2010-2008).

Additionally, many security issues noted in the 5.1.49 release notes
have been addressed with this advisory as well, such as :

- LOAD DATA INFILE did not check for SQL errors and sent
an OK packet even when errors were already reported.
Also, an assert related to client-server protocol
checking in debug servers sometimes was raised when it
should not have been. (Bug#52512) (CVE-2010-3683)

- Using EXPLAIN with queries of the form SELECT ... UNION
... ORDER BY (SELECT ... WHERE ...) could cause a server
crash. (Bug#52711) (CVE-2010-3682)

- The server could crash if there were alternate reads
from two indexes on a table using the HANDLER interface.
(Bug#54007) (CVE-2010-3681)

- A malformed argument to the BINLOG statement could
result in Valgrind warnings or a server crash.
(Bug#54393) (CVE-2010-3679)

- Incorrect handling of NULL arguments could lead to a
crash for IN() or CASE operations when NULL arguments
were either passed explicitly as arguments (for IN()) or
implicitly generated by the WITH ROLLUP modifier (for
IN() and CASE). (Bug#54477) (CVE-2010-3678)

- Joins involving a table with a unique SET column
could cause a server crash. (Bug#54575) (CVE-2010-3677)

- Use of TEMPORARY InnoDB tables with nullable columns
could cause a server crash. (Bug#54044) (CVE-2010-3680)

The updated packages have been patched to correct these issues.

Update :

Packages for 2009.1 were not provided with the MDVSA-2010:155 advisory.
This advisory provides the missing packages.

See also :

http://bugs.mysql.com/bug.php?id=52512
http://bugs.mysql.com/bug.php?id=52711
http://bugs.mysql.com/bug.php?id=54007
http://bugs.mysql.com/bug.php?id=54044
http://bugs.mysql.com/bug.php?id=54393
http://bugs.mysql.com/bug.php?id=54477
http://bugs.mysql.com/bug.php?id=54575

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 48399 (mandriva_MDVSA-2010-155.nasl)

Bugtraq ID: 41198, 42596, 42598, 42599, 42625, 42633, 42638, 42646

CVE ID: CVE-2010-2008, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679,
CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683
