Mandriva Update for mysql MDVSA-2010:155-1 (mysql)

###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for mysql MDVSA-2010:155-1 (mysql)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Multiple vulnerabilities has been found and corrected in mysql:

  MySQL before 5.1.48 allows remote authenticated users with alter
  database privileges to cause a denial of service (server crash
  and database loss) via an ALTER DATABASE command with a #mysql50#
  string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
  similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
  causes MySQL to move certain directories to the server data directory
  (CVE-2010-2008).
  
  Additionally many security issues noted in the 5.1.49 release notes
  has been addressed with this advisory as well, such as:
  
  * LOAD DATA INFILE did not check for SQL errors and sent an OK packet
  even when errors were already reported. Also, an assert related to
  client-server protocol checking in debug servers sometimes was raised
  when it should not have been. (Bug#52512) (CVE-2010-3683)
  
  * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER
  BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711)
  (CVE-2010-3682)
  
  * The server could crash if there were alternate reads from two indexes
  on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)
  
  * A malformed argument to the BINLOG statement could result in Valgrind
  warnings or a server crash. (Bug#54393) (CVE-2010-3679)
  
  * Incorrect handling of NULL arguments could lead to a crash for IN()
  or CASE operations when NULL arguments were either passed explicitly
  as arguments (for IN()) or implicitly generated by the WITH ROLLUP
  modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)
  
  * Joins involving a table with with a unique SET column could cause
  a server crash. (Bug#54575) (CVE-2010-3677)
  
  * Use of TEMPORARY  InnoDB tables with nullable columns could cause
  a server crash. (Bug#54044) (CVE-2010-3680)
  
  The updated packages have been patched to correct these issues.
  
  Update:
  
  Packages for 2009.1 was not provided with the MDVSA-2010:155
  advisory. This advisory provides the missing packages.";
tag_solution = "Please Install the Updated Packages.";

tag_affected = "mysql on Mandriva Linux 2009.1,
  Mandriva Linux 2009.1/X86_64";


if(description)
{
  script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2010-11/msg00007.php");
  script_id(831244);
  script_version("$Revision: 8164 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $");
  script_tag(name:"creation_date", value:"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)");
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_xref(name: "MDVSA", value: "2010:155-1");
  script_cve_id("CVE-2010-2008", "CVE-2010-3683", "CVE-2010-3682", "CVE-2010-3681", "CVE-2010-3679", "CVE-2010-3678", "CVE-2010-3677", "CVE-2010-3680");
  script_name("Mandriva Update for mysql MDVSA-2010:155-1 (mysql)");

  script_tag(name: "summary" , value: "Check for the Version of mysql");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2009.1")
{

  if ((res = isrpmvuln(pkg:"libmysql16", rpm:"libmysql16~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libmysql-devel", rpm:"libmysql-devel~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libmysql-static-devel", rpm:"libmysql-static-devel~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql", rpm:"mysql~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql-bench", rpm:"mysql-bench~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql-client", rpm:"mysql-client~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql-common", rpm:"mysql-common~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql-doc", rpm:"mysql-doc~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql-max", rpm:"mysql-max~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql-ndb-extra", rpm:"mysql-ndb-extra~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql-ndb-management", rpm:"mysql-ndb-management~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql-ndb-storage", rpm:"mysql-ndb-storage~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql-ndb-tools", rpm:"mysql-ndb-tools~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64mysql16", rpm:"lib64mysql16~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64mysql-devel", rpm:"lib64mysql-devel~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64mysql-static-devel", rpm:"lib64mysql-static-devel~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}