Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69171
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:0164
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2011:0164.

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

The MySQL PolyFromWKB() function did not sanity check Well-Known Binary
(WKB) data, which could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3840)

A flaw in the way MySQL processed certain JOIN queries could allow a
remote, authenticated attacker to cause excessive CPU use (up to 100%), if
a stored procedure contained JOIN queries, and that procedure was executed
twice in sequence. (CVE-2010-3839)

A flaw in the way MySQL processed queries that provide a mixture of numeric
and longblob data types to the LEAST or GREATEST function, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3838)

A flaw in the way MySQL processed PREPARE statements containing both
GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3837)

MySQL did not properly pre-evaluate LIKE arguments in view prepare mode,
possibly allowing a remote, authenticated attacker to crash mysqld.
(CVE-2010-3836)

A flaw in the way MySQL processed statements that assign a value to a
user-defined variable and that also contain a logical value evaluation
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3835)

A flaw in the way MySQL evaluated the arguments of extreme-value functions,
such as LEAST and GREATEST, could allow a remote, authenticated attacker to
crash mysqld. (CVE-2010-3833)

A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to
send OK packets even when there were errors. (CVE-2010-3683)

A flaw in the way MySQL processed EXPLAIN statements for some complex
SELECT queries could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3682)

A flaw in the way MySQL processed certain alternating READ requests
provided by HANDLER statements could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3681)

A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that
define NULL columns when using the InnoDB storage engine, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3680)

A flaw in the way MySQL processed certain values provided to the BINLOG
statement caused MySQL to read unassigned memory. A remote, authenticated
attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679)

A flaw in the way MySQL processed SQL queries containing IN or CASE
statements, when a NULL argument was provided as one of the arguments to
the query, could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3678)

A flaw in the way MySQL processed JOIN queries that attempt to retrieve
data from a unique SET column could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3677)

Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,
CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678,
and CVE-2010-3677 only cause a temporary denial of service, as mysqld was
automatically restarted after each crash.

These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL
release notes for a full list of changes:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0164.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3677
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
BugTraq ID: 42646
http://www.securityfocus.com/bid/42646
Debian Security Information: DSA-2143 (Google Search)
http://www.debian.org/security/2011/dsa-2143
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
http://bugs.mysql.com/bug.php?id=54575
http://www.openwall.com/lists/oss-security/2010/09/28/10
http://www.redhat.com/support/errata/RHSA-2010-0825.html
http://www.redhat.com/support/errata/RHSA-2011-0164.html
http://secunia.com/advisories/42875
http://secunia.com/advisories/42936
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
TurboLinux Advisory: TLSA-2011-3
http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
http://www.ubuntu.com/usn/USN-1017-1
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2011/0105
http://www.vupen.com/english/advisories/2011/0133
http://www.vupen.com/english/advisories/2011/0170
http://www.vupen.com/english/advisories/2011/0345
XForce ISS Database: mysql-setcolumn-dos(64688)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64688
Common Vulnerability Exposure (CVE) ID: CVE-2010-3678
BugTraq ID: 42596
http://www.securityfocus.com/bid/42596
Common Vulnerability Exposure (CVE) ID: CVE-2010-3679
BugTraq ID: 42638
http://www.securityfocus.com/bid/42638
XForce ISS Database: mysql-binlog-command-dos(64687)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64687
Common Vulnerability Exposure (CVE) ID: CVE-2010-3680
BugTraq ID: 42598
http://www.securityfocus.com/bid/42598
XForce ISS Database: mysql-innodb-dos(64686)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64686
Common Vulnerability Exposure (CVE) ID: CVE-2010-3681
BugTraq ID: 42633
http://www.securityfocus.com/bid/42633
http://www.redhat.com/support/errata/RHSA-2010-0824.html
SuSE Security Announcement: SUSE-SR:2010:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
XForce ISS Database: mysql-handler-interface-dos(64685)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64685
Common Vulnerability Exposure (CVE) ID: CVE-2010-3682
BugTraq ID: 42599
http://www.securityfocus.com/bid/42599
XForce ISS Database: mysql-itemsinglerowsubselect-dos(64684)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64684
Common Vulnerability Exposure (CVE) ID: CVE-2010-3683
BugTraq ID: 42625
http://www.securityfocus.com/bid/42625
XForce ISS Database: mysql-ok-packet-dos(64683)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64683
Common Vulnerability Exposure (CVE) ID: CVE-2010-3833
BugTraq ID: 43676
http://www.securityfocus.com/bid/43676
http://www.mandriva.com/security/advisories?name=MDVSA-2010:223
http://bugs.mysql.com/bug.php?id=55826
XForce ISS Database: mysql-extremevalue-dos(64845)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64845
Common Vulnerability Exposure (CVE) ID: CVE-2010-3835
http://bugs.mysql.com/bug.php?id=55564
XForce ISS Database: mysql-uservariable-dos(64843)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64843
Common Vulnerability Exposure (CVE) ID: CVE-2010-3836
XForce ISS Database: mysql-view-preparation-dos(64842)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64842
Common Vulnerability Exposure (CVE) ID: CVE-2010-3837
XForce ISS Database: mysql-prepared-statement-dos(64841)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64841
Common Vulnerability Exposure (CVE) ID: CVE-2010-3838
http://bugs.mysql.com/bug.php?id=54461
XForce ISS Database: mysql-longblob-dos(64840)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64840
Common Vulnerability Exposure (CVE) ID: CVE-2010-3839
XForce ISS Database: mysql-invocations-dos(64839)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64839
Common Vulnerability Exposure (CVE) ID: CVE-2010-3840
http://lists.mysql.com/commits/117094
XForce ISS Database: mysql-gislinestringinitfromwkb-dos(64838)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64838
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.