This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities were discovered and corrected in mysql :
- During evaluation of arguments to extreme-value
functions (such as LEAST() and GREATEST()), type errors
did not propagate properly, causing the server to crash
- The server could crash after materializing a derived
table that required a temporary table for grouping
- A user-variable assignment expression that is evaluated
in a logical expression context can be precalculated in
a temporary table for GROUP BY. However, when the
expression value is used after creation of the temporary
table, it was re-evaluated, not read from the table and
a server crash resulted (CVE-2010-3835).
- Pre-evaluation of LIKE predicates during view
preparation could cause a server crash (CVE-2010-3836).
- GROUP_CONCAT() and WITH ROLLUP together could cause a
server crash (CVE-2010-3837).
- Queries could cause a server crash if the GREATEST() or
LEAST() function had a mixed list of numeric and
LONGBLOB arguments, and the result of such a function
was processed using an intermediate temporary table
- Queries with nested joins could cause an infinite loop
in the server when used from stored procedures and
prepared statements (CVE-2010-3839).
- The PolyFromWKB() function could crash the server when
improper WKB data was passed to the function
The updated packages have been patched to correct these issues.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 50534 ()
Bugtraq ID: 43676
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now