Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2009-094.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : mysql (MDVSA-2009:094)

2009-04-2300:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
97
JSON

Multiple vulnerabilities has been found and corrected in mysql :

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b’’ (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement (CVE-2008-3963).

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079 (CVE-2008-4097).

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097 (CVE-2008-4098).

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document (CVE-2008-4456).

bugs in the Mandriva Linux 2008.1 packages that has been fixed :

o upstream fix for mysql bug35754 (#38398, #44691) o fix #46116 (initialization file mysqld-max don’t show correct application status) o fix upstream bug 42366

bugs in the Mandriva Linux 2009.0 packages that has been fixed :

o upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097, CVE-2008-4098) o no need to workaround #38398, #44691 anymore (since 5.0.75) o fix upstream bug 42366 o fix #46116 (initialization file mysqld-max don’t show correct application status) o sphinx-0.9.8.1

bugs in the Mandriva Linux Corporate Server 4 packages that has been fixed: o fix upstream bug 42366 o fix #46116 (initialization file mysqld-max don’t show correct application status)

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2009:094. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(36943);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2008-3963",
    "CVE-2008-4097",
    "CVE-2008-4098",
    "CVE-2008-4456"
  );
  script_bugtraq_id(
    29106,
    31081,
    31486
  );
  script_xref(name:"MDVSA", value:"2009:094");

  script_name(english:"Mandriva Linux Security Advisory : mysql (MDVSA-2009:094)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been found and corrected in mysql :

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does
not properly handle a b'' (b single-quote single-quote) token, aka an
empty bit-string literal, which allows remote attackers to cause a
denial of service (daemon crash) by using this token in a SQL
statement (CVE-2008-3963).

MySQL 5.0.51a allows local users to bypass certain privilege checks by
calling CREATE TABLE on a MyISAM table with modified (1) DATA
DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with
symlinks within pathnames for subdirectories of the MySQL home data
directory, which are followed when tables are created in the future.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2008-2079 (CVE-2008-4097).

MySQL before 5.0.67 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally
associated with pathnames without symlinks, and that can point to
tables created at a future time at which a pathname is modified to
contain a symlink to a subdirectory of the MySQL home data directory.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2008-4097 (CVE-2008-4098).

Cross-site scripting (XSS) vulnerability in the command-line client in
MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows
attackers to inject arbitrary web script or HTML by placing it in a
database cell, which might be accessed by this client when composing
an HTML document (CVE-2008-4456).

bugs in the Mandriva Linux 2008.1 packages that has been fixed :

o upstream fix for mysql bug35754 (#38398, #44691) o fix #46116
(initialization file mysqld-max don't show correct application status)
o fix upstream bug 42366

bugs in the Mandriva Linux 2009.0 packages that has been fixed :

o upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097,
CVE-2008-4098) o no need to workaround #38398, #44691 anymore (since
5.0.75) o fix upstream bug 42366 o fix #46116 (initialization file
mysqld-max don't show correct application status) o sphinx-0.9.8.1

bugs in the Mandriva Linux Corporate Server 4 packages that has been
fixed: o fix upstream bug 42366 o fix #46116 (initialization file
mysqld-max don't show correct application status)

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(59, 79, 134, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql15");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql15");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-max");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-management");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64mysql-devel-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64mysql-static-devel-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64mysql15-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libmysql-devel-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libmysql-static-devel-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libmysql15-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-bench-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-client-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-common-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-doc-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-max-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-ndb-extra-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-ndb-management-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-ndb-storage-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mysql-ndb-tools-5.0.51a-8.2mdv2008.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64mysql-devel-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64mysql-static-devel-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64mysql15-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libmysql-devel-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libmysql-static-devel-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libmysql15-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-bench-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-client-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-common-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-doc-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-max-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-ndb-extra-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-ndb-management-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-ndb-storage-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mysql-ndb-tools-5.0.77-0.2mdv2009.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64mysql-develp-cpe:/a:mandriva:linux:lib64mysql-devel
mandrivalinuxlib64mysql-static-develp-cpe:/a:mandriva:linux:lib64mysql-static-devel
mandrivalinuxlib64mysql15p-cpe:/a:mandriva:linux:lib64mysql15
mandrivalinuxlibmysql-develp-cpe:/a:mandriva:linux:libmysql-devel
mandrivalinuxlibmysql-static-develp-cpe:/a:mandriva:linux:libmysql-static-devel
mandrivalinuxlibmysql15p-cpe:/a:mandriva:linux:libmysql15
mandrivalinuxmysqlp-cpe:/a:mandriva:linux:mysql
mandrivalinuxmysql-benchp-cpe:/a:mandriva:linux:mysql-bench
mandrivalinuxmysql-clientp-cpe:/a:mandriva:linux:mysql-client
mandrivalinuxmysql-commonp-cpe:/a:mandriva:linux:mysql-common
Rows per page:
1-10 of 181

Related

openvas 81
nessus 55
ubuntu 2
freebsd 3
securityvulns 5
centos 2
redhat 7
oraclelinux 3
prion 7
debian 5
osv 3
ubuntucve 7
cve 7
redhatcve 1
veracode 4
gentoo 2
seebug 3
altlinux 1
suse 1
openvas
openvas
Mandrake Security Advisory MDVSA-2009:094 (mysql)
2009-04-28 00:00:00
Mandrake Security Advisory MDVSA-2009:094 (mysql)
2009-04-28 00:00:00
Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1
2009-03-23 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : mysql-dfsg-5.0 vulnerabilities (USN-671-1)
2009-04-23 00:00:00
CentOS 5 : mysql (CESA-2009:1289)
2010-01-06 00:00:00
RHEL 5 : mysql (RHSA-2009:1289)
2013-01-24 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2008-11-17 00:00:00
MySQL vulnerabilities
2010-02-10 00:00:00
freebsd
freebsd
mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
2008-07-03 00:00:00
mysql -- MyISAM table privileges security bypass vulnerability
2008-05-05 00:00:00
mysql -- empty bit-string literal denial of service
2008-09-11 00:00:00
securityvulns
securityvulns
MySQL privilege escalation
2008-11-10 00:00:00
[SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass
2008-11-10 00:00:00
reporting CVE
2009-03-17 00:00:00
centos
centos
mysql security update
2009-09-15 18:28:45
mysql security update
2010-02-17 16:42:25
redhat
redhat
(RHSA-2009:1289) Moderate: mysql security and bug fix update
2009-09-02 09:47:12
(RHSA-2010:0110) Moderate: mysql security update
2010-02-16 00:00:00
(RHSA-2008:0510) Moderate: Red Hat Application Stack v1.3 security and enhancement update
2008-07-02 00:00:00
oraclelinux
oraclelinux
mysql security and bug fix update
2009-09-08 00:00:00
mysql security update
2010-02-16 00:00:00
mysql security, bug fix, and enhancement update
2008-08-01 00:00:00
prion
prion
Privilege escalation
2008-09-18 15:04:00
Privilege escalation
2008-09-18 15:04:00
Privilege escalation
2009-11-30 17:30:00
debian
debian
[SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilities
2009-04-29 08:24:32
[SECURITY] [DSA 1783-1] New mysql-dfsg-5.0 packages fix multiple vulnerabilities
2009-04-29 08:24:39
[SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass
2008-11-06 04:20:00
osv
osv
mysql-dfsg-5.0 - several vulnerabilities
2009-04-29 00:00:00
mysql-dfsg-5.0 - authorization bypass
2008-07-13 00:00:00
mysql-dfsg-5.0 - authorization bypass
2008-11-06 00:00:00
ubuntucve
ubuntucve
CVE-2008-4097
2008-09-18 00:00:00
CVE-2008-4098
2008-09-18 00:00:00
CVE-2009-4030
2009-11-30 00:00:00
cve
cve
CVE-2008-4097
2008-09-18 15:04:00
CVE-2008-4098
2008-09-18 15:04:00
CVE-2009-4030
2009-11-30 17:30:00
redhatcve
redhatcve
CVE-2008-4097
2015-10-30 10:30:27
veracode
veracode
Privilege Escalation
2020-04-10 00:22:36
Cross-site Scripting (XSS)
2020-04-10 00:37:00
Denial Of Service (DoS)
2020-04-10 00:32:24
gentoo
gentoo
MySQL: Privilege bypass
2008-09-04 00:00:00
MySQL: Multiple vulnerabilities
2012-01-05 00:00:00
seebug
seebug
MySQL MyISAM表绕过权限检查漏洞
2008-05-12 00:00:00
MySQL空两进制字符串远程拒绝服务漏洞
2008-09-14 00:00:00
MySQL vulnerabilities
2010-02-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package MySQL version 5.0.83-alt2
2009-06-29 00:00:00
suse
suse
remote code execution in openwsman
2008-08-14 18:02:43
JSON
Related for MANDRIVA_MDVSA-2009-094.NASL
openvas81nessus55ubuntu2freebsd3securityvulns5centos2redhat7oraclelinux3prion7debian5osv3ubuntucve7cve7redhatcve1veracode4gentoo2seebug3altlinux1suse1