Mandriva Linux Security Advisory : mariadb (MDVSA-2013:102)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated mariadb packages include fixes for the following security
vulnerabilities :

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.26 and earlier allows remote attackers to affect integrity
and availability, related to MySQL Client (CVE-2012-3147).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Protocol (CVE-2012-3158).

Multiple SQL injection vulnerabilities in the replication code in
Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62,
5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25,
allow remote authenticated users to execute arbitrary SQL commands via
vectors related to the binary log. NOTE: as of 20130116, Oracle has
not commented on claims from a downstream vendor that the fix in MySQL
5.5.29 is incomplete (CVE-2012-4414).

Stack-based buffer overflow in the acl_get function in Oracle MySQL
5.5.19 and other versions through 5.5.28, and 5.1.53 and other
versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x
before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows
remote authenticated users to execute arbitrary code via a long
argument to the GRANT FILE command (CVE-2012-5611).

A buffer overflow that can cause a server crash or arbitrary code
execution (a variant of CVE-2012-5611).

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions
through 5.5.28, and MariaDB 5.5.28a and possibly other versions,
allows remote authenticated users to cause a denial of service (memory
corruption and crash) and possibly execute arbitrary code, as
demonstrated using certain variations of the (1) USE, (2) SHOW TABLES,
(3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW
INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10)
DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands
(CVE-2012-5612).

MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11,
5.2.13, 5.1.66, and possibly other versions, generates different error
messages with different time delays depending on whether a user name
exists, which allows remote attackers to enumerate valid usernames
(CVE-2012-5615). Be advised that for CVE-2012-5615 to be completely
closed, it's recommended to remove any anonymous logins. Previously,
such a user without access rights was added by default.

A vulnerability was found in the handling of password salt values in
MySQL. When a user logs into MySQL, a salt value is generated that is
then used to prevent password guessing attacks (since the salt value
must be known in order to send a password). This salt value is created
at the start of a session and used for the entire session. Once
authenticated, an attacker can use the MySQL change_user command to
attempt to log in as a different user; because the salt value is known,
a password guessing attack will be much more efficient (CVE-2012-5627).

In addition, it fixes MDEV-4029 and the rpl.rpl_mdev382 test from
mariadb-bench, and a problem preventing the feedback plugin from
working has been corrected.

See also :

https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0135

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66114

Bugtraq ID: 55498
56017
56022
56766
56768
56769
56837

CVE ID: CVE-2012-3147
CVE-2012-3158
CVE-2012-4414
CVE-2012-5611
CVE-2012-5612
CVE-2012-5615
CVE-2012-5627
