Multiple vulnerabilities has been found and corrected in mysql :
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), … (dot dot), …/ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory (CVE-2010-2008).
Additionally many security issues noted in the 5.1.49 release notes has been addressed with this advisory as well, such as :
LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported.
Also, an assert related to client-server protocol checking in debug servers sometimes was raised when it should not have been. (Bug#52512) (CVE-2010-3683)
Using EXPLAIN with queries of the form SELECT … UNION … ORDER BY (SELECT … WHERE …) could cause a server crash. (Bug#52711) (CVE-2010-3682)
The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface.
(Bug#54007) (CVE-2010-3681)
A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash.
(Bug#54393) (CVE-2010-3679)
Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)
Joins involving a table with with a unique SET column could cause a server crash. (Bug#54575) (CVE-2010-3677)
Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. (Bug#54044) (CVE-2010-3680)
The updated packages have been patched to correct these issues.
Update :
Packages for 2009.1 was not provided with the MDVSA-2010:155 advisory.
This advisory provides the missing packages.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2010:155.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(48399);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2010-2008", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683");
script_bugtraq_id(41198, 42596, 42598, 42599, 42625, 42633, 42638, 42646);
script_xref(name:"MDVSA", value:"2010:155-1");
script_name(english:"Mandriva Linux Security Advisory : mysql (MDVSA-2010:155-1)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities has been found and corrected in mysql :
MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash and
database loss) via an ALTER DATABASE command with a #mysql50# string
followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar
sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes
MySQL to move certain directories to the server data directory
(CVE-2010-2008).
Additionally many security issues noted in the 5.1.49 release notes
has been addressed with this advisory as well, such as :
- LOAD DATA INFILE did not check for SQL errors and sent
an OK packet even when errors were already reported.
Also, an assert related to client-server protocol
checking in debug servers sometimes was raised when it
should not have been. (Bug#52512) (CVE-2010-3683)
- Using EXPLAIN with queries of the form SELECT ... UNION
... ORDER BY (SELECT ... WHERE ...) could cause a server
crash. (Bug#52711) (CVE-2010-3682)
- The server could crash if there were alternate reads
from two indexes on a table using the HANDLER interface.
(Bug#54007) (CVE-2010-3681)
- A malformed argument to the BINLOG statement could
result in Valgrind warnings or a server crash.
(Bug#54393) (CVE-2010-3679)
- Incorrect handling of NULL arguments could lead to a
crash for IN() or CASE operations when NULL arguments
were either passed explicitly as arguments (for IN()) or
implicitly generated by the WITH ROLLUP modifier (for
IN() and CASE). (Bug#54477) (CVE-2010-3678)
- Joins involving a table with with a unique SET column
could cause a server crash. (Bug#54575) (CVE-2010-3677)
- Use of TEMPORARY InnoDB tables with nullable columns
could cause a server crash. (Bug#54044) (CVE-2010-3680)
The updated packages have been patched to correct these issues.
Update :
Packages for 2009.1 was not provided with the MDVSA-2010:155 advisory.
This advisory provides the missing packages."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.mysql.com/bug.php?id=52512"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.mysql.com/bug.php?id=52711"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.mysql.com/bug.php?id=54007"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.mysql.com/bug.php?id=54044"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.mysql.com/bug.php?id=54393"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.mysql.com/bug.php?id=54477"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.mysql.com/bug.php?id=54575"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-static-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql16");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-static-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql16");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-max");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-management");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-storage");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/23");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64mysql-devel-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64mysql-static-devel-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64mysql16-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libmysql-devel-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libmysql-static-devel-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libmysql16-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-bench-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-client-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-common-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-doc-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-max-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-ndb-extra-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-ndb-management-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-ndb-storage-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-ndb-tools-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
mandriva | linux | lib64mysql-devel | p-cpe:/a:mandriva:linux:lib64mysql-devel |
mandriva | linux | lib64mysql-static-devel | p-cpe:/a:mandriva:linux:lib64mysql-static-devel |
mandriva | linux | lib64mysql16 | p-cpe:/a:mandriva:linux:lib64mysql16 |
mandriva | linux | libmysql-devel | p-cpe:/a:mandriva:linux:libmysql-devel |
mandriva | linux | libmysql-static-devel | p-cpe:/a:mandriva:linux:libmysql-static-devel |
mandriva | linux | libmysql16 | p-cpe:/a:mandriva:linux:libmysql16 |
mandriva | linux | mysql | p-cpe:/a:mandriva:linux:mysql |
mandriva | linux | mysql-bench | p-cpe:/a:mandriva:linux:mysql-bench |
mandriva | linux | mysql-client | p-cpe:/a:mandriva:linux:mysql-client |
mandriva | linux | mysql-common | p-cpe:/a:mandriva:linux:mysql-common |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683
bugs.mysql.com/bug.php?id=52512
bugs.mysql.com/bug.php?id=52711
bugs.mysql.com/bug.php?id=54007
bugs.mysql.com/bug.php?id=54044
bugs.mysql.com/bug.php?id=54393
bugs.mysql.com/bug.php?id=54477
bugs.mysql.com/bug.php?id=54575