Mandrake Linux Security Advisory : MySQL (MDKSA-2002:087)

High Nessus Plugin ID 13985


The remote Mandrake Linux host is missing one or more security updates.


Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitrary code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '�' to any memory address.
Both of these flaws could allow DOS attacks or arbitary code execution within anything linked against libmysqlclient.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 13985

File Name: mandrake_MDKSA-2002-087.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2004/07/31

Modified: 2014/04/15

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:MySQL, p-cpe:/a:mandriva:linux:MySQL-Max, p-cpe:/a:mandriva:linux:MySQL-bench, p-cpe:/a:mandriva:linux:MySQL-client, p-cpe:/a:mandriva:linux:MySQL-devel, p-cpe:/a:mandriva:linux:MySQL-shared, p-cpe:/a:mandriva:linux:libmysql10, p-cpe:/a:mandriva:linux:libmysql10-devel, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2002/12/18

Reference Information

CVE: CVE-2002-1373, CVE-2002-1374, CVE-2002-1375, CVE-2002-1376

MDKSA: 2002:087