Mandrake Linux Security Advisory : MySQL (MDKSA-2007:177)

Medium Nessus Plugin ID 26009

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability was found in MySQL's authentication protocol, making it possible for a remote unauthenticated attacker to send a specially crafted authentication request to the MySQL server causing it to crash (CVE-2007-3780).

Another flaw was discovered in MySQL that allowed remote authenticated users to gain update privileges for a table in another database via a view that refers to the external table (CVE-2007-3782).

Updated packages have been patched to prevent these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 26009

File Name: mandrake_MDKSA-2007-177.nasl

Version: 1.15

Type: local

Family: Mandriva Local Security Checks

Published: 2007/09/07

Updated: 2018/07/19

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:MySQL, p-cpe:/a:mandriva:linux:MySQL-Max, p-cpe:/a:mandriva:linux:MySQL-bench, p-cpe:/a:mandriva:linux:MySQL-client, p-cpe:/a:mandriva:linux:MySQL-common, p-cpe:/a:mandriva:linux:MySQL-ndb-extra, p-cpe:/a:mandriva:linux:MySQL-ndb-management, p-cpe:/a:mandriva:linux:MySQL-ndb-storage, p-cpe:/a:mandriva:linux:MySQL-ndb-tools, p-cpe:/a:mandriva:linux:lib64mysql15, p-cpe:/a:mandriva:linux:lib64mysql15-devel, p-cpe:/a:mandriva:linux:lib64mysql15-static-devel, p-cpe:/a:mandriva:linux:libmysql15, p-cpe:/a:mandriva:linux:libmysql15-devel, p-cpe:/a:mandriva:linux:libmysql15-static-devel, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2007/09/06

Reference Information

CVE: CVE-2007-2691, CVE-2007-2692, CVE-2007-3780, CVE-2007-3782

MDKSA: 2007:177

CWE: 20, 264