Mandrake Linux Security Advisory : MySQL (MDKSA-2001:014-1)

High Nessus Plugin ID 61888


The remote Mandrake Linux host is missing one or more security updates.


A security problem exists in all versions of MySQL after 3.23.2 and prior to 3.23.31. The problem is that the SHOW GRANTS command could be executed by any user making it possible for anyone with a MySQL account to get the crypted password from the mysql.user table. The new 3.23.31 version fixes this.

Due to library changes, the previously announced PHP update (MDKSA-2001:013) has been updated as well so that the php-mysql module supports this new version of MySQL. It also corrects the upgrade scripts in the package, however you will still need to verify that PHP support is enabled in your /etc/httpd/conf/httpd.conf Apache configuration file and verify that the installed modules are uncommented in your /etc/php.ini file.

Update :

Previous versions of MySQL also suffered from a buffer overflow problem that has been corrected in the recent releases. This update fixes the buffer overflow problem in the MySQL packages provided with Linux- Mandrake 7.1 and Corporate Server 1.0.1.


Update the affected packages.

Plugin Details

Severity: High

ID: 61888

File Name: mandrake_MDKSA-2001-014.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/09/06

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:MySQL, p-cpe:/a:mandriva:linux:MySQL-bench, p-cpe:/a:mandriva:linux:MySQL-client, p-cpe:/a:mandriva:linux:MySQL-devel, p-cpe:/a:mandriva:linux:MySQL-shared, p-cpe:/a:mandriva:linux:MySQL-shared-libs, p-cpe:/a:mandriva:linux:mod_php, p-cpe:/a:mandriva:linux:php, p-cpe:/a:mandriva:linux:php-dba_gdbm_db2, p-cpe:/a:mandriva:linux:php-devel, p-cpe:/a:mandriva:linux:php-gd, p-cpe:/a:mandriva:linux:php-imap, p-cpe:/a:mandriva:linux:php-ldap, p-cpe:/a:mandriva:linux:php-manual, p-cpe:/a:mandriva:linux:php-mysql, p-cpe:/a:mandriva:linux:php-pgsql, p-cpe:/a:mandriva:linux:php-readline, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2001/01/26

Reference Information

CVE: CVE-2001-1274, CVE-2001-1275

MDKSA: 2001:014-1