Mandriva Linux Security Advisory : mysql (MDVSA-2010:107)
Medium Nessus Plugin ID 46726
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in mysql :
The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table-level grants by providing a specially crafted table name argument to COM_FIELD_LIST (CVE-2010-1848).
The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet CVE-2010-1849).
The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code (CVE-2010-1850).
Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.