Detections
Analytics
Mandrake Linux Security Advisory : MySQL (MDKSA-2007:177)
medium Nessus Plugin ID 26009
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A vulnerability was found in MySQL's authentication protocol, making it possible for a remote unauthenticated attacker to send a specially crafted authentication request to the MySQL server causing it to crash (CVE-2007-3780).Another flaw was discovered in MySQL that allowed remote authenticated users to gain update privileges for a table in another database via a view that refers to the external table (CVE-2007-3782).
Updated packages have been patched to prevent these issues.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 26009
File Name: mandrake_MDKSA-2007-177.nasl
Version: 1.17
Type: local
Family: Mandriva Local Security Checks
Published: 9/7/2007
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: Medium
Base Score: 6
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:mandriva:linux:2007.1, p-cpe:/a:mandriva:linux:lib64mysql15, p-cpe:/a:mandriva:linux:mysql-ndb-extra, p-cpe:/a:mandriva:linux:mysql-max, p-cpe:/a:mandriva:linux:lib64mysql15-devel, p-cpe:/a:mandriva:linux:mysql-client, p-cpe:/a:mandriva:linux:mysql-ndb-storage, p-cpe:/a:mandriva:linux:libmysql15, p-cpe:/a:mandriva:linux:libmysql15-devel, p-cpe:/a:mandriva:linux:libmysql15-static-devel, p-cpe:/a:mandriva:linux:mysql-bench, p-cpe:/a:mandriva:linux:lib64mysql15-static-devel, p-cpe:/a:mandriva:linux:mysql, cpe:/o:mandriva:linux:2007, p-cpe:/a:mandriva:linux:mysql-common, p-cpe:/a:mandriva:linux:mysql-ndb-management, p-cpe:/a:mandriva:linux:mysql-ndb-tools
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 9/6/2007
Reference Information
CVE: CVE-2007-2691, CVE-2007-2692, CVE-2007-3780, CVE-2007-3782