Mandriva Linux Security Advisory : mysql (MDVSA-2010:012)

medium Nessus Plugin ID 48166

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been found and corrected in mysql :

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement (CVE-2009-4019).

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library (CVE-2009-4028).

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079 (CVE-2009-4030).

The updated packages have been patched to correct these issues.
Additionally for 2009.1 and 2010.0 mysql has also been upgraded to the latest stable 5.1 release (5.1.42).

Solution

Update the affected packages.

See Also

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-35.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-37.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-38.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-39.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-40.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-42.html

Plugin Details

Severity: Medium

ID: 48166

File Name: mandriva_MDVSA-2010-012.nasl

Version: 1.14

Type: local

Published: 7/30/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64mysql-devel, p-cpe:/a:mandriva:linux:lib64mysql-static-devel, p-cpe:/a:mandriva:linux:lib64mysql16, p-cpe:/a:mandriva:linux:libmysql-devel, p-cpe:/a:mandriva:linux:libmysql-static-devel, p-cpe:/a:mandriva:linux:libmysql16, p-cpe:/a:mandriva:linux:mysql, p-cpe:/a:mandriva:linux:mysql-bench, p-cpe:/a:mandriva:linux:mysql-client, p-cpe:/a:mandriva:linux:mysql-common, p-cpe:/a:mandriva:linux:mysql-common-core, p-cpe:/a:mandriva:linux:mysql-core, p-cpe:/a:mandriva:linux:mysql-doc, p-cpe:/a:mandriva:linux:mysql-max, p-cpe:/a:mandriva:linux:mysql-ndb-extra, p-cpe:/a:mandriva:linux:mysql-ndb-management, p-cpe:/a:mandriva:linux:mysql-ndb-storage, p-cpe:/a:mandriva:linux:mysql-ndb-tools, cpe:/o:mandriva:linux:2009.1, cpe:/o:mandriva:linux:2010.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/17/2010

Reference Information

CVE: CVE-2009-4019, CVE-2009-4028, CVE-2009-4030

BID: 37075, 37076, 37297

CWE: 20, 59

MDVSA: 2010:012