Mandriva Linux Security Advisory : mysql (MDVSA-2011:012)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been found and corrected in mysql :

storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49
allows remote authenticated users to cause a denial of service
(assertion failure) by modifying the (1) innodb_file_format or (2)
innodb_file_per_table configuration parameters for the InnoDB storage
engine, then executing a DDL statement (CVE-2010-3676).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
via a join query that uses a table with a unique SET column
(CVE-2010-3677).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (crash) via (1) IN or (2) CASE operations with NULL
arguments that are explicitly specified or indirectly provided by the
WITH ROLLUP modifier (CVE-2010-3678).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (mysqld daemon crash) via certain arguments to the
BINLOG command, which triggers an access of uninitialized memory, as
demonstrated by valgrind (CVE-2010-3679).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (mysqld daemon crash) by creating temporary tables
while using InnoDB, which triggers an assertion failure
(CVE-2010-3680).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
by using the HANDLER interface and performing alternate reads from two
indexes on a table, which triggers an assertion failure
(CVE-2010-3681).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
by using EXPLAIN with crafted 'SELECT ... UNION ... ORDER BY (SELECT
... WHERE ...)' statements, which triggers a NULL pointer dereference
in the Item_singlerow_subselect::store function (CVE-2010-3682).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a
LOAD DATA INFILE request generates SQL errors, which allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
via a crafted request (CVE-2010-3683).

The updated packages have been upgraded to the latest (last) stable
5.1 release (5.1.54) to address these issues for both Mandriva Linux
2010.0 and 2010.2.

See also :

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html
http://www.mysql.com/support/eol-notice.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true
