GLSA-200410-22 : MySQL: Multiple vulnerabilities

Critical Nessus Plugin ID 15558


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200410-22 (MySQL: Multiple vulnerabilities)

The following vulnerabilities were found and fixed in MySQL:
Oleksandr Byelkin found that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one (CAN-2004-0835). Another privilege checking bug allowed users to grant rights on a database they had no rights on.
Dean Ellis found a defect where multiple threads ALTERing the MERGE tables to change the UNION could cause the server to crash (CAN-2004-0837).
Another crash was found in MATCH ... AGAINST() queries with a missing closing double quote.
Finally, a buffer overrun in the mysql_real_connect function was found by Lukasz Wojtow (CAN-2004-0836).
Impact :

The privilege checking issues could be used by remote users to bypass their rights on databases. The two crash issues could be exploited by a remote user to perform a Denial of Service attack on the MySQL server. The buffer overrun issue could also be exploited as a Denial of Service attack, and may allow the execution of arbitrary code with the rights of the MySQL daemon (typically, the 'mysql' user).
Workaround :

There is no known workaround at this time.


All MySQL users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=dev-db/mysql-4.0.21'
# emerge '>=dev-db/mysql-4.0.21'

Plugin Details

Severity: Critical

ID: 15558

File Name: gentoo_GLSA-200410-22.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2004/10/25

Modified: 2015/04/13

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:mysql, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2004/10/24

Vulnerability Publication Date: 2004/05/29

Reference Information

CVE: CVE-2004-0835, CVE-2004-0836, CVE-2004-0837

OSVDB: 10658, 10659, 10660, 10959, 10985

GLSA: 200410-22

CWE: 119