Check for the Version of mysql
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for mysql MDVSA-2010:155-1 (mysql)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Multiple vulnerabilities has been found and corrected in mysql:
MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash
and database loss) via an ALTER DATABASE command with a #mysql50#
string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
causes MySQL to move certain directories to the server data directory
(CVE-2010-2008).
Additionally many security issues noted in the 5.1.49 release notes
has been addressed with this advisory as well, such as:
* LOAD DATA INFILE did not check for SQL errors and sent an OK packet
even when errors were already reported. Also, an assert related to
client-server protocol checking in debug servers sometimes was raised
when it should not have been. (Bug#52512) (CVE-2010-3683)
* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER
BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711)
(CVE-2010-3682)
* The server could crash if there were alternate reads from two indexes
on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)
* A malformed argument to the BINLOG statement could result in Valgrind
warnings or a server crash. (Bug#54393) (CVE-2010-3679)
* Incorrect handling of NULL arguments could lead to a crash for IN()
or CASE operations when NULL arguments were either passed explicitly
as arguments (for IN()) or implicitly generated by the WITH ROLLUP
modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)
* Joins involving a table with with a unique SET column could cause
a server crash. (Bug#54575) (CVE-2010-3677)
* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash. (Bug#54044) (CVE-2010-3680)
The updated packages have been patched to correct these issues.
Update:
Packages for 2009.1 was not provided with the MDVSA-2010:155
advisory. This advisory provides the missing packages.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "mysql on Mandriva Linux 2009.1,
Mandriva Linux 2009.1/X86_64";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2010-11/msg00007.php");
script_id(831244);
script_version("$Revision: 8164 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)");
script_tag(name:"cvss_base", value:"4.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_xref(name: "MDVSA", value: "2010:155-1");
script_cve_id("CVE-2010-2008", "CVE-2010-3683", "CVE-2010-3682", "CVE-2010-3681", "CVE-2010-3679", "CVE-2010-3678", "CVE-2010-3677", "CVE-2010-3680");
script_name("Mandriva Update for mysql MDVSA-2010:155-1 (mysql)");
script_tag(name: "summary" , value: "Check for the Version of mysql");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2009.1")
{
if ((res = isrpmvuln(pkg:"libmysql16", rpm:"libmysql16~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libmysql-devel", rpm:"libmysql-devel~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libmysql-static-devel", rpm:"libmysql-static-devel~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql", rpm:"mysql~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-bench", rpm:"mysql-bench~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-client", rpm:"mysql-client~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-common", rpm:"mysql-common~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-doc", rpm:"mysql-doc~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-max", rpm:"mysql-max~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-ndb-extra", rpm:"mysql-ndb-extra~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-ndb-management", rpm:"mysql-ndb-management~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-ndb-storage", rpm:"mysql-ndb-storage~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-ndb-tools", rpm:"mysql-ndb-tools~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64mysql16", rpm:"lib64mysql16~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64mysql-devel", rpm:"lib64mysql-devel~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64mysql-static-devel", rpm:"lib64mysql-static-devel~5.1.42~0.6mdv2009.1", rls:"MNDK_2009.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}