Mandriva Linux Security Advisory : mysql (MDVSA-2010:223)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities were discovered and corrected in mysql :

- During evaluation of arguments to extreme-value
functions (such as LEAST() and GREATEST()), type errors
did not propagate properly, causing the server to crash
(CVE-2010-3833).

- The server could crash after materializing a derived
table that required a temporary table for grouping
(CVE-2010-3834).

- A user-variable assignment expression that is evaluated
in a logical expression context can be precalculated in
a temporary table for GROUP BY. However, when the
expression value is used after creation of the temporary
table, it was re-evaluated, not read from the table and
a server crash resulted (CVE-2010-3835).

- Pre-evaluation of LIKE predicates during view
preparation could cause a server crash (CVE-2010-3836).

- GROUP_CONCAT() and WITH ROLLUP together could cause a
server crash (CVE-2010-3837).

- Queries could cause a server crash if the GREATEST() or
LEAST() function had a mixed list of numeric and
LONGBLOB arguments, and the result of such a function
was processed using an intermediate temporary table
(CVE-2010-3838).

- Queries with nested joins could cause an infinite loop
in the server when used from stored procedures and
prepared statements (CVE-2010-3839).

- The PolyFromWKB() function could crash the server when
improper WKB data was passed to the function
(CVE-2010-3840).

The updated packages have been patched to correct these issues.

See also :

http://bugs.mysql.com/bug.php?id=51875
http://bugs.mysql.com/bug.php?id=53544
http://bugs.mysql.com/bug.php?id=54461
http://bugs.mysql.com/bug.php?id=54476
http://bugs.mysql.com/bug.php?id=54568
http://bugs.mysql.com/bug.php?id=55564
http://bugs.mysql.com/bug.php?id=55568
http://bugs.mysql.com/bug.php?id=55826

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 50534 ()

Bugtraq ID: 43676

CVE ID: CVE-2010-3833
CVE-2010-3834
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838
CVE-2010-3839
CVE-2010-3840

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now