Mandriva Linux Security Advisory : mysql (MDVSA-2010:155-1)

medium Nessus Plugin ID 48399

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities have been found and corrected in mysql :

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory (CVE-2010-2008).

Additionally, many security issues noted in the 5.1.49 release notes have been addressed with this advisory as well, such as :

- LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client-server protocol checking in debug servers sometimes was raised when it should not have been. (Bug#52512) (CVE-2010-3683)

- Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711) (CVE-2010-3682)

- The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)

- A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug#54393) (CVE-2010-3679)

- Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)

- Joins involving a table with a unique SET column could cause a server crash. (Bug#54575) (CVE-2010-3677)

- Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. (Bug#54044) (CVE-2010-3680)

The updated packages have been patched to correct these issues.

Update :

Packages for 2009.1 were not provided with the MDVSA-2010:155 advisory. This advisory provides the missing packages.

Solution

Update the affected packages.

See Also

https://bugs.mysql.com/bug.php?id=52512

https://bugs.mysql.com/bug.php?id=52711

https://bugs.mysql.com/bug.php?id=54007

https://bugs.mysql.com/bug.php?id=54044

https://bugs.mysql.com/bug.php?id=54393

https://bugs.mysql.com/bug.php?id=54477

https://bugs.mysql.com/bug.php?id=54575

Plugin Details

Severity: Medium

ID: 48399

File Name: mandriva_MDVSA-2010-155.nasl

Version: 1.14

Type: local

Published: 8/23/2010

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.3

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64mysql-devel, p-cpe:/a:mandriva:linux:lib64mysql-static-devel, p-cpe:/a:mandriva:linux:lib64mysql16, p-cpe:/a:mandriva:linux:libmysql-devel, p-cpe:/a:mandriva:linux:libmysql-static-devel, p-cpe:/a:mandriva:linux:libmysql16, p-cpe:/a:mandriva:linux:mysql, p-cpe:/a:mandriva:linux:mysql-bench, p-cpe:/a:mandriva:linux:mysql-client, p-cpe:/a:mandriva:linux:mysql-common, p-cpe:/a:mandriva:linux:mysql-doc, p-cpe:/a:mandriva:linux:mysql-max, p-cpe:/a:mandriva:linux:mysql-ndb-extra, p-cpe:/a:mandriva:linux:mysql-ndb-management, p-cpe:/a:mandriva:linux:mysql-ndb-storage, p-cpe:/a:mandriva:linux:mysql-ndb-tools, cpe:/o:mandriva:linux:2009.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2010

Reference Information

CVE: CVE-2010-2008, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683

BID: 41198, 42596, 42598, 42599, 42625, 42633, 42638, 42646

MDVSA: 2010:155-1