
Test ID: 1.3.6.1.4.1.25623.1.0.68483
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1017-1 (mysql-dfsg-5.1)
Summary: NOSUMMARY
Description:
The remote host is missing an update to mysql-dfsg-5.1
announced via advisory USN-1017-1.

Details follow:

It was discovered that MySQL incorrectly handled certain requests with the
UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)

It was discovered that MySQL incorrectly handled joins involving a table
with a unique SET column. An authenticated user could exploit this to make
MySQL crash, causing a denial of service. This issue only affected Ubuntu
6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677)

It was discovered that MySQL incorrectly handled NULL arguments to IN() or
CASE operations. An authenticated user could exploit this to make MySQL
crash, causing a denial of service. This issue only affected Ubuntu 9.10
and 10.04 LTS. (CVE-2010-3678)

It was discovered that MySQL incorrectly handled malformed arguments to the
BINLOG statement. An authenticated user could exploit this to make MySQL
crash, causing a denial of service. This issue only affected Ubuntu 9.10
and 10.04 LTS. (CVE-2010-3679)

It was discovered that MySQL incorrectly handled the use of TEMPORARY
InnoDB tables with nullable columns. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3680)

It was discovered that MySQL incorrectly handled alternate reads from two
indexes on a table using the HANDLER interface. An authenticated user could
exploit this to make MySQL crash, causing a denial of service. This issue
only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2010-3681)

It was discovered that MySQL incorrectly handled use of EXPLAIN with
certain queries. An authenticated user could exploit this to make MySQL
crash, causing a denial of service. This issue only affected Ubuntu
6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3682)

It was discovered that MySQL incorrectly handled error reporting when using
LOAD DATA INFILE and would incorrectly raise an assert in certain
circumstances. An authenticated user could exploit this to make MySQL
crash, causing a denial of service. This issue only affected Ubuntu 9.10
and 10.04 LTS. (CVE-2010-3683)

It was discovered that MySQL incorrectly handled propagation during
evaluation of arguments to extreme-value functions. An authenticated user
could exploit this to make MySQL crash, causing a denial of service. This
issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10.
(CVE-2010-3833)

It was discovered that MySQL incorrectly handled materializing a derived
table that required a temporary table for grouping. An authenticated user
could exploit this to make MySQL crash, causing a denial of service.
(CVE-2010-3834)

It was discovered that MySQL incorrectly handled certain user-variable
assignment expressions that are evaluated in a logical expression context.
An authenticated user could exploit this to make MySQL crash, causing a
denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10,
10.04 LTS and 10.10. (CVE-2010-3835)

It was discovered that MySQL incorrectly handled pre-evaluation of LIKE
predicates during view preparation. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. (CVE-2010-3836)

It was discovered that MySQL incorrectly handled using GROUP_CONCAT() and
WITH ROLLUP together. An authenticated user could exploit this to make
MySQL crash, causing a denial of service. (CVE-2010-3837)

It was discovered that MySQL incorrectly handled certain queries using a
mixed list of numeric and LONGBLOB arguments to the GREATEST() or LEAST()
functions. An authenticated user could exploit this to make MySQL crash,
causing a denial of service. (CVE-2010-3838)

It was discovered that MySQL incorrectly handled queries with nested joins
when used from stored procedures and prepared statements. An authenticated
user could exploit this to make MySQL hang, causing a denial of service.
This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2010-3839)

It was discovered that MySQL incorrectly handled improper WKB data passed
to the PolyFromWKB() function. An authenticated user could exploit this to
make MySQL crash, causing a denial of service. (CVE-2010-3840)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.15

Ubuntu 8.04 LTS:
mysql-server-5.0 5.0.51a-3ubuntu5.8

Ubuntu 9.10:
mysql-server-5.1 5.1.37-1ubuntu5.5

Ubuntu 10.04 LTS:
mysql-server-5.1 5.1.41-3ubuntu12.7

Ubuntu 10.10:
mysql-server-5.1 5.1.49-1ubuntu8.1

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1017-1

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-2008
BugTraq ID: 41198
http://www.securityfocus.com/bid/41198
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869
http://www.securitytracker.com/id?1024160
http://secunia.com/advisories/40333
http://secunia.com/advisories/40762
http://www.ubuntu.com/usn/USN-1017-1
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2010/1918
Common Vulnerability Exposure (CVE) ID: CVE-2010-3677
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
BugTraq ID: 42646
http://www.securityfocus.com/bid/42646
Debian Security Information: DSA-2143
http://www.debian.org/security/2011/dsa-2143
http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
http://bugs.mysql.com/bug.php?id=54575
http://www.openwall.com/lists/oss-security/2010/09/28/10
http://www.redhat.com/support/errata/RHSA-2010-0825.html
http://www.redhat.com/support/errata/RHSA-2011-0164.html
http://secunia.com/advisories/42875
http://secunia.com/advisories/42936
SuSE Security Announcement: SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
TurboLinux Advisory: TLSA-2011-3
http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
http://www.vupen.com/english/advisories/2011/0105
http://www.vupen.com/english/advisories/2011/0133
http://www.vupen.com/english/advisories/2011/0170
http://www.vupen.com/english/advisories/2011/0345
XForce ISS Database: mysql-setcolumn-dos(64688)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64688
Common Vulnerability Exposure (CVE) ID: CVE-2010-3678
BugTraq ID: 42596
http://www.securityfocus.com/bid/42596
Common Vulnerability Exposure (CVE) ID: CVE-2010-3679
BugTraq ID: 42638
http://www.securityfocus.com/bid/42638
XForce ISS Database: mysql-binlog-command-dos(64687)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64687
Common Vulnerability Exposure (CVE) ID: CVE-2010-3680
BugTraq ID: 42598
http://www.securityfocus.com/bid/42598
XForce ISS Database: mysql-innodb-dos(64686)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64686
Common Vulnerability Exposure (CVE) ID: CVE-2010-3681
BugTraq ID: 42633
http://www.securityfocus.com/bid/42633
http://www.redhat.com/support/errata/RHSA-2010-0824.html
SuSE Security Announcement: SUSE-SR:2010:021
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
XForce ISS Database: mysql-handler-interface-dos(64685)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64685
Common Vulnerability Exposure (CVE) ID: CVE-2010-3682
BugTraq ID: 42599
http://www.securityfocus.com/bid/42599
XForce ISS Database: mysql-itemsinglerowsubselect-dos(64684)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64684
Common Vulnerability Exposure (CVE) ID: CVE-2010-3683
BugTraq ID: 42625
http://www.securityfocus.com/bid/42625
XForce ISS Database: mysql-ok-packet-dos(64683)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64683
Common Vulnerability Exposure (CVE) ID: CVE-2010-3833
BugTraq ID: 43676
http://www.securityfocus.com/bid/43676
http://www.mandriva.com/security/advisories?name=MDVSA-2010:223
http://bugs.mysql.com/bug.php?id=55826
XForce ISS Database: mysql-extremevalue-dos(64845)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64845
Common Vulnerability Exposure (CVE) ID: CVE-2010-3834
http://bugs.mysql.com/bug.php?id=55568
XForce ISS Database: mysql-derived-table-dos(64844)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64844
Common Vulnerability Exposure (CVE) ID: CVE-2010-3835
http://bugs.mysql.com/bug.php?id=55564
XForce ISS Database: mysql-uservariable-dos(64843)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64843
Common Vulnerability Exposure (CVE) ID: CVE-2010-3836
XForce ISS Database: mysql-view-preparation-dos(64842)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64842
Common Vulnerability Exposure (CVE) ID: CVE-2010-3837
XForce ISS Database: mysql-prepared-statement-dos(64841)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64841
Common Vulnerability Exposure (CVE) ID: CVE-2010-3838
http://bugs.mysql.com/bug.php?id=54461
XForce ISS Database: mysql-longblob-dos(64840)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64840
Common Vulnerability Exposure (CVE) ID: CVE-2010-3839
XForce ISS Database: mysql-invocations-dos(64839)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64839
Common Vulnerability Exposure (CVE) ID: CVE-2010-3840
http://lists.mysql.com/commits/117094
XForce ISS Database: mysql-gislinestringinitfromwkb-dos(64838)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64838
Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
