Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.831315 |
Category: | Mandrake Local Security Checks |
Title: | Mandriva Update for mysql MDVSA-2011:012 (mysql) |
Summary: | The remote host is missing an update for the 'mysql'; package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'mysql' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in mysql: storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement (CVE-2010-3676). MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column (CVE-2010-3677). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier (CVE-2010-3678). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind (CVE-2010-3679). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables while using InnoDB, which triggers an assertion failure (CVE-2010-3680). MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing alternate reads from two indexes on a table, which triggers an assertion failure (CVE-2010-3681). MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted 'SELECT ... UNION ... ORDER BY \(SELECT ... WHERE ...\)' statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function (CVE-2010-3682). MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request (CVE-2010-3683). The updated packages have been upgraded to the latest (last) stable 5.1 release (5.1.54) to address these issues for both Mandriva Linux 2010.0 and 2010.2. Affected Software/OS: mysql on Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-3676 BugTraq ID: 42643 http://www.securityfocus.com/bid/42643 http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://www.openwall.com/lists/oss-security/2010/09/28/10 http://www.vupen.com/english/advisories/2011/0133 XForce ISS Database: mysql-dictocrea-dos(64689) https://exchange.xforce.ibmcloud.com/vulnerabilities/64689 Common Vulnerability Exposure (CVE) ID: CVE-2010-3677 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html BugTraq ID: 42646 http://www.securityfocus.com/bid/42646 Debian Security Information: DSA-2143 (Google Search) http://www.debian.org/security/2011/dsa-2143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://bugs.mysql.com/bug.php?id=54575 http://www.redhat.com/support/errata/RHSA-2010-0825.html http://www.redhat.com/support/errata/RHSA-2011-0164.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html TurboLinux Advisory: TLSA-2011-3 http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt http://www.ubuntu.com/usn/USN-1017-1 http://www.ubuntu.com/usn/USN-1397-1 http://www.vupen.com/english/advisories/2011/0105 http://www.vupen.com/english/advisories/2011/0170 http://www.vupen.com/english/advisories/2011/0345 XForce ISS Database: mysql-setcolumn-dos(64688) https://exchange.xforce.ibmcloud.com/vulnerabilities/64688 Common Vulnerability Exposure (CVE) ID: CVE-2010-3678 BugTraq ID: 42596 http://www.securityfocus.com/bid/42596 Common Vulnerability Exposure (CVE) ID: CVE-2010-3679 BugTraq ID: 42638 http://www.securityfocus.com/bid/42638 XForce ISS Database: mysql-binlog-command-dos(64687) https://exchange.xforce.ibmcloud.com/vulnerabilities/64687 Common Vulnerability Exposure (CVE) ID: CVE-2010-3680 BugTraq ID: 42598 http://www.securityfocus.com/bid/42598 XForce ISS Database: mysql-innodb-dos(64686) https://exchange.xforce.ibmcloud.com/vulnerabilities/64686 Common Vulnerability Exposure (CVE) ID: CVE-2010-3681 BugTraq ID: 42633 http://www.securityfocus.com/bid/42633 http://www.redhat.com/support/errata/RHSA-2010-0824.html SuSE Security Announcement: SUSE-SR:2010:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html XForce ISS Database: mysql-handler-interface-dos(64685) https://exchange.xforce.ibmcloud.com/vulnerabilities/64685 Common Vulnerability Exposure (CVE) ID: CVE-2010-3682 BugTraq ID: 42599 http://www.securityfocus.com/bid/42599 XForce ISS Database: mysql-itemsinglerowsubselect-dos(64684) https://exchange.xforce.ibmcloud.com/vulnerabilities/64684 Common Vulnerability Exposure (CVE) ID: CVE-2010-3683 BugTraq ID: 42625 http://www.securityfocus.com/bid/42625 XForce ISS Database: mysql-ok-packet-dos(64683) https://exchange.xforce.ibmcloud.com/vulnerabilities/64683 |
Copyright | Copyright (c) 2011 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |