Mandriva Linux Security Advisory : mysql (MDVSA-2009:094)

Medium Nessus Plugin ID 36943

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.3

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been found and corrected in mysql :

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement (CVE-2008-3963).

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079 (CVE-2008-4097).

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097 (CVE-2008-4098).

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document (CVE-2008-4456).

bugs in the Mandriva Linux 2008.1 packages that has been fixed :

o upstream fix for mysql bug35754 (#38398, #44691) o fix #46116 (initialization file mysqld-max don't show correct application status) o fix upstream bug 42366

bugs in the Mandriva Linux 2009.0 packages that has been fixed :

o upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097, CVE-2008-4098) o no need to workaround #38398, #44691 anymore (since 5.0.75) o fix upstream bug 42366 o fix #46116 (initialization file mysqld-max don't show correct application status) o sphinx-0.9.8.1

bugs in the Mandriva Linux Corporate Server 4 packages that has been fixed: o fix upstream bug 42366 o fix #46116 (initialization file mysqld-max don't show correct application status)

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 36943

File Name: mandriva_MDVSA-2009-094.nasl

Version: 1.17

Type: local

Published: 2009/04/23

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 6.3

CVSS v2.0

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64mysql-devel, p-cpe:/a:mandriva:linux:lib64mysql-static-devel, p-cpe:/a:mandriva:linux:lib64mysql15, p-cpe:/a:mandriva:linux:libmysql-devel, p-cpe:/a:mandriva:linux:libmysql-static-devel, p-cpe:/a:mandriva:linux:libmysql15, p-cpe:/a:mandriva:linux:mysql, p-cpe:/a:mandriva:linux:mysql-bench, p-cpe:/a:mandriva:linux:mysql-client, p-cpe:/a:mandriva:linux:mysql-common, p-cpe:/a:mandriva:linux:mysql-doc, p-cpe:/a:mandriva:linux:mysql-max, p-cpe:/a:mandriva:linux:mysql-ndb-extra, p-cpe:/a:mandriva:linux:mysql-ndb-management, p-cpe:/a:mandriva:linux:mysql-ndb-storage, p-cpe:/a:mandriva:linux:mysql-ndb-tools, cpe:/o:mandriva:linux:2008.1, cpe:/o:mandriva:linux:2009.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/04/22

Reference Information

CVE: CVE-2008-3963, CVE-2008-4097, CVE-2008-4098, CVE-2008-4456

BID: 29106, 31081, 31486

MDVSA: 2009:094

CWE: 59, 79, 134, 264