Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2008-150.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : mysql (MDVSA-2008:150)

2009-04-2300:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
14

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON

Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code (CVE-2008-0226) or cause a denial of service via a special Hello packet (CVE-2008-0227).

Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079).

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2008:150. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(36561);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2008-0226", "CVE-2008-0227", "CVE-2008-2079");
  script_xref(name:"MDVSA", value:"2008:150");

  script_name(english:"Mandriva Linux Security Advisory : mysql (MDVSA-2008:150)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple buffer overflows in yaSSL, which is used in MySQL, allowed
remote attackers to execute arbitrary code (CVE-2008-0226) or cause a
denial of service via a special Hello packet (CVE-2008-0227).

Sergei Golubchik found that MySQL did not properly validate optional
data or index directory paths given in a CREATE TABLE statement; as
well it would not, under certain conditions, prevent two databases
from using the same paths for data or index files. This could allow an
authenticated user with appropriate privilege to create tables in one
database to read and manipulate data in tables later created in other
databases, regardless of GRANT privileges (CVE-2008-2079).

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL SSL Hello Message Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(119, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql15");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql15");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-max");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-management");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64mysql-devel-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64mysql-static-devel-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64mysql15-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmysql-devel-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmysql-static-devel-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libmysql15-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"mysql-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"mysql-bench-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"mysql-client-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"mysql-common-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"mysql-max-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"mysql-ndb-extra-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"mysql-ndb-management-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"mysql-ndb-storage-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"mysql-ndb-tools-5.0.45-8.2mdv2007.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mysql-devel-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mysql-static-devel-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mysql15-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmysql-devel-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmysql-static-devel-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmysql15-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mysql-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mysql-bench-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mysql-client-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mysql-common-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mysql-max-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-extra-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-management-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-storage-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mysql-ndb-tools-5.0.45-8.2mdv2008.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64mysql-develp-cpe:/a:mandriva:linux:lib64mysql-devel
mandrivalinuxlib64mysql-static-develp-cpe:/a:mandriva:linux:lib64mysql-static-devel
mandrivalinuxlib64mysql15p-cpe:/a:mandriva:linux:lib64mysql15
mandrivalinuxlibmysql-develp-cpe:/a:mandriva:linux:libmysql-devel
mandrivalinuxlibmysql-static-develp-cpe:/a:mandriva:linux:libmysql-static-devel
mandrivalinuxlibmysql15p-cpe:/a:mandriva:linux:libmysql15
mandrivalinuxmysqlp-cpe:/a:mandriva:linux:mysql
mandrivalinuxmysql-benchp-cpe:/a:mandriva:linux:mysql-bench
mandrivalinuxmysql-clientp-cpe:/a:mandriva:linux:mysql-client
mandrivalinuxmysql-commonp-cpe:/a:mandriva:linux:mysql-common
Rows per page:
1-10 of 171

Related

openvas 56
nessus 38
debian 2
altlinux 1
osv 2
freebsd 2
cve 5
redhat 4
ubuntucve 5
cvelist 5
seebug 1
prion 5
gentoo 1
veracode 1
nvd 5
packetstorm 2
checkpoint_advisories 1
redhatcve 3
ubuntu 3
saint 4
securityvulns 2
oraclelinux 2
centos 1
suse 1
openvas
openvas
Mandriva Update for mysql MDVSA-2008:150 (mysql)
2009-04-09 00:00:00
Mandriva Update for mysql MDVSA-2008:150 (mysql)
2009-04-09 00:00:00
Debian: Security Advisory (DSA-1478-1)
2008-01-31 00:00:00
nessus
nessus
Debian DSA-1478-1 : mysql-dfsg-5.0 - buffer overflows
2008-01-30 00:00:00
yaSSL 1.7.5 Buffer Overflow
2012-01-16 00:00:00
MySQL Community Server 5.0 < 5.0.67 Multiple Vulnerabilities
2008-09-11 00:00:00
debian
debian
[SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
2008-01-28 20:20:18
[SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass
2008-07-13 04:55:16
altlinux
altlinux
Security fix for the ALT Linux 5 package MySQL version 5.0.51-alt2.a
2008-03-16 00:00:00
osv
osv
mysql-dfsg-5.0 - buffer overflows
2008-01-28 00:00:00
mysql-dfsg-5.0 - authorization bypass
2008-07-13 00:00:00
freebsd
freebsd
mysql -- MyISAM table privileges security bypass vulnerability
2008-05-05 00:00:00
mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
2008-07-03 00:00:00
cve
cve
CVE-2008-2079
2008-05-05 16:20:00
CVE-2008-0226
2008-01-10 23:46:00
CVE-2008-0227
2008-01-10 23:46:00
redhat
redhat
(RHSA-2008:0510) Moderate: Red Hat Application Stack v1.3 security and enhancement update
2008-07-02 00:00:00
(RHSA-2009:1289) Moderate: mysql security and bug fix update
2009-09-02 09:47:12
(RHSA-2008:0768) Moderate: mysql security, bug fix, and enhancement update
2008-07-24 00:00:00
ubuntucve
ubuntucve
CVE-2008-2079
2008-05-05 00:00:00
CVE-2008-0227
2008-01-10 00:00:00
CVE-2008-0226
2008-01-10 00:00:00
cvelist
cvelist
CVE-2008-2079
2008-05-05 16:00:00
CVE-2008-0227
2008-01-10 23:00:00
CVE-2008-0226
2008-01-10 23:00:00
seebug
seebug
MySQL MyISAM葨绕过权限检ζŸ₯漏洞
2008-05-12 00:00:00
prion
prion
Privilege escalation
2008-05-05 16:20:00
Buffer overflow
2008-01-10 23:46:00
Code injection
2008-01-10 23:46:00
gentoo
gentoo
MySQL: Privilege bypass
2008-09-04 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:22:36
nvd
nvd
CVE-2008-2079
2008-05-05 16:20:00
CVE-2008-0226
2008-01-10 23:46:00
CVE-2008-0227
2008-01-10 23:46:00
packetstorm
packetstorm
MySQL yaSSL SSL Hello Message Buffer Overflow
2010-01-27 00:00:00
MySQL yaSSL SSL Hello Message Buffer Overflow
2009-10-27 00:00:00
checkpoint_advisories
checkpoint_advisories
MySQL yaSSL SSL Hello Message Buffer Overflow (CVE-2008-0226)
2009-11-10 00:00:00
redhatcve
redhatcve
CVE-2008-0226
2015-10-30 10:34:08
CVE-2008-0227
2015-10-30 10:34:04
CVE-2008-4097
2015-10-30 10:30:27
ubuntu
ubuntu
MySQL regression
2008-04-02 00:00:00
MySQL vulnerabilities
2008-03-19 00:00:00
MySQL vulnerabilities
2008-11-17 00:00:00
saint
saint
MySQL yaSSL SSL Hello message buffer overflow
2008-03-10 00:00:00
MySQL yaSSL SSL Hello message buffer overflow
2008-03-10 00:00:00
MySQL yaSSL SSL Hello message buffer overflow
2008-03-10 00:00:00
securityvulns
securityvulns
MySQL privilege escalation
2008-11-10 00:00:00
[ MDVSA-2010:012 ] mysql
2010-01-19 00:00:00
oraclelinux
oraclelinux
mysql security and bug fix update
2009-09-08 00:00:00
mysql security, bug fix, and enhancement update
2008-08-01 00:00:00
centos
centos
mysql security update
2009-09-15 18:28:45
suse
suse
remote code execution in openwsman
2008-08-14 18:02:43

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON
Related for MANDRIVA_MDVSA-2008-150.NASL
openvas56nessus38debian2altlinux1osv2freebsd2cve5redhat4ubuntucve5cvelist5seebug1prion5gentoo1veracode1nvd5packetstorm2checkpoint_advisories1redhatcve3ubuntu3saint4securityvulns2oraclelinux2centos1suse1