GLSA-201201-02 : MySQL: Multiple vulnerabilities

High Nessus Plugin ID 57446

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201201-02 (MySQL: Multiple vulnerabilities)

 Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.
 Impact :

 An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the MySQL process, cause a Denial of Service condition, bypass security restrictions, uninstall arbitrary MySQL plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks.
 Workaround :

 There is no known workaround at this time.

Solution

All MySQL users should upgrade to the latest version:
 # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.1.56' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 14, 2011. It is likely that your system is already no longer affected by this issue.

See Also

https://security.gentoo.org/glsa/201201-02

Plugin Details

Severity: High

ID: 57446

File Name: gentoo_GLSA-201201-02.nasl

Version: 1.9

Type: local

Published: 2012/01/06

Updated: 2018/07/11

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.5

Temporal Score: 7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:mysql, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/01/05

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (MySQL yaSSL CertDecoder::GetName Buffer Overflow)

Reference Information

CVE: CVE-2008-3963, CVE-2008-4097, CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4028, CVE-2009-4484, CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850, CVE-2010-2008, CVE-2010-3676, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840

BID: 29106, 31081, 31486, 35609, 37076, 37297, 37640, 37943, 38043, 39543, 40100, 40106, 40109, 40257, 41198, 42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646, 43676

GLSA: 201201-02

CWE: 20, 59, 79, 119, 134, 264