Executive Summary

Informations
NameMDVSA-2009:326First vendor Publication2009-12-07
VendorMandrivaLast vendor Modification2009-12-07
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score8.5Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score6.8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in mysql:

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement (CVE-2008-3963).

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097 (CVE-2008-4098).

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document (CVE-2008-4456).

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information (CVE-2009-2446).

Packages for 2008.0 are being provided due to extended support for Corporate products.

This update provides fixes for this vulnerability.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:326

CWE : Common Weakness Enumeration

idName
CWE-134Uncontrolled Format String
CWE-264Permissions, Privileges, and Access Controls
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
CWE-59Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10521
 
Oval ID: oval:org.mitre.oval:def:10521
Title: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
Description: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3963
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10591
 
Oval ID: oval:org.mitre.oval:def:10591
Title: MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Description: MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4098
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11456
 
Oval ID: oval:org.mitre.oval:def:11456
Title: Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Description: Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4456
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11857
 
Oval ID: oval:org.mitre.oval:def:11857
Title: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Description: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2446
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22888
 
Oval ID: oval:org.mitre.oval:def:22888
Title: ELSA-2009:1289: mysql security and bug fix update (Moderate)
Description: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): ELSA-2009:1289-02
CVE-2008-2079
CVE-2008-3963
CVE-2008-4456
CVE-2009-2446
Version: 18
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application243

OpenVAS Exploits

DateDescription
2012-03-16Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201201-02 (MySQL)
File : nvt/glsa_201201_02.nasl
2011-08-09Name : CentOS Update for mysql CESA-2010:0109 centos5 i386
File : nvt/gb_CESA-2010_0109_mysql_centos5_i386.nasl
2011-08-09Name : CentOS Update for mysql CESA-2009:1289 centos5 i386
File : nvt/gb_CESA-2009_1289_mysql_centos5_i386.nasl
2010-05-12Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-02-19Name : CentOS Update for mysql CESA-2010:0110 centos4 i386
File : nvt/gb_CESA-2010_0110_mysql_centos4_i386.nasl
2010-02-19Name : RedHat Update for mysql RHSA-2010:0109-01
File : nvt/gb_RHSA-2010_0109-01_mysql.nasl
2010-02-19Name : RedHat Update for mysql RHSA-2010:0110-01
File : nvt/gb_RHSA-2010_0110-01_mysql.nasl
2010-02-15Name : Ubuntu Update for MySQL vulnerabilities USN-897-1
File : nvt/gb_ubuntu_USN_897_1.nasl
2010-01-19Name : Mandriva Update for mysql MDVSA-2010:011 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_011.nasl
2010-01-19Name : Mandriva Update for mysql MDVSA-2010:012 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_012.nasl
2009-12-14Name : Fedora Core 10 FEDORA-2009-12180 (mysql)
File : nvt/fcore_2009_12180.nasl
2009-12-10Name : Mandriva Security Advisory MDVSA-2009:326 (mysql)
File : nvt/mdksa_2009_326.nasl
2009-10-13Name : SLES10: Security update for MySQL
File : nvt/sles10_mysql.nasl
2009-10-13Name : SLES10: Security update for MySQL
File : nvt/sles10_mysql0.nasl
2009-10-11Name : SLES11: Security update for MySQL
File : nvt/sles11_libmysqlclient1.nasl
2009-10-10Name : SLES9: Security update for MySQL
File : nvt/sles9p5040120.nasl
2009-10-10Name : SLES9: Security update for MySQL
File : nvt/sles9p5056120.nasl
2009-09-28Name : RedHat Security Advisory RHSA-2009:1461
File : nvt/RHSA_2009_1461.nasl
2009-09-21Name : CentOS Security Advisory CESA-2009:1289 (mysql)
File : nvt/ovcesa2009_1289.nasl
2009-09-09Name : RedHat Security Advisory RHSA-2009:1289
File : nvt/RHSA_2009_1289.nasl
2009-09-09Name : Debian Security Advisory DSA 1877-1 (mysql-dfsg-5.0)
File : nvt/deb_1877_1.nasl
2009-09-09Name : SuSE Security Summary SUSE-SR:2009:014
File : nvt/suse_sr_2009_014.nasl
2009-08-17Name : Mandrake Security Advisory MDVSA-2009:179 (mysql)
File : nvt/mdksa_2009_179.nasl
2009-07-29Name : Mandrake Security Advisory MDVSA-2009:159 (mysql)
File : nvt/mdksa_2009_159.nasl
2009-07-17Name : MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
File : nvt/gb_mysql_mult_format_string_vuln.nasl
2009-06-05Name : RedHat Security Advisory RHSA-2009:1067
File : nvt/RHSA_2009_1067.nasl
2009-06-05Name : Ubuntu USN-763-1 (xine-lib)
File : nvt/ubuntu_763_1.nasl
2009-04-28Name : Mandrake Security Advisory MDVSA-2009:094 (mysql)
File : nvt/mdksa_2009_094.nasl
2009-04-23Name : MySQL MyISAM Table Privileges Secuity Bypass Vulnerability
File : nvt/mysql_29106.nasl
2009-03-23Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1
File : nvt/gb_ubuntu_USN_671_1.nasl
2009-01-20Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1)
File : nvt/suse_sr_2009_001.nasl
2009-01-20Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0)
File : nvt/suse_sr_2009_001a.nasl
2009-01-20Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
File : nvt/suse_sr_2009_001b.nasl
2009-01-13Name : FreeBSD Ports: mysql-server
File : nvt/freebsd_mysql-server16.nasl
2009-01-02Name : FreeBSD Ports: mysql-server
File : nvt/freebsd_mysql-server15.nasl
2008-11-19Name : Debian Security Advisory DSA 1662-1 (mysql-dfsg-5.0)
File : nvt/deb_1662_1.nasl
2008-10-03Name : FreeBSD Ports: mysql-client
File : nvt/freebsd_mysql-client0.nasl
2008-09-25Name : MySQL Empty Bit-String Literal Denial of Service Vulnerability
File : nvt/secpod_mysql_dos_vuln_900221.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
55734MySQL sql_parse.cc dispatch_command() Function Format String DoS
48710MySQL Command Line Client HTML Output XSS
48021MySQL Empty Bit-String Literal Token SQL Statement DoS
44937MySQL MyISAM Table CREATE TABLE Privilege Check Bypass

Snort® IPS/IDS

DateDescription
2014-01-10mysql_log COM_DROP_DB format string vulnerability exploit attempt
RuleID : 16708 - Revision : 7 - Type : SERVER-MYSQL
2014-01-10mysql_log COM_CREATE_DB format string vulnerability exploit attempt
RuleID : 16707 - Revision : 7 - Type : SERVER-MYSQL

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0109.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100216_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100216_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090902_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-03-13Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO
2012-01-16Name : The remote database server is prone to a denial of service attack.
File : mysql_5_0_38.nasl - Type : ACT_GATHER_INFO
2012-01-16Name : A remote database client have a cross-site scripting vulnerability.
File : mysql_6_0_14_XSS.nasl - Type : ACT_GATHER_INFO
2012-01-16Name : The remote database server allows a local user to circumvent privileges.
File : mysql_6_0_14_priv_bypass.nasl - Type : ACT_GATHER_INFO
2012-01-06Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-012.nasl - Type : ACT_GATHER_INFO
2010-03-29Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-02Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0109.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1877.nasl - Type : ACT_GATHER_INFO
2010-02-18Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2010-02-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0109.nasl - Type : ACT_GATHER_INFO
2010-02-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2010-02-11Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-897-1.nasl - Type : ACT_GATHER_INFO
2010-01-18Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-011.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO
2009-12-08Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-326.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote SuSE system is missing the security patch libmysqlclient-devel-6360
File : suse_libmysqlclient-devel-6360.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12256.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-6446.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12456.nasl - Type : ACT_GATHER_INFO
2009-08-27Name : The remote SuSE system is missing a security patch for libmysqlclient-devel
File : suse_11_1_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-08-27Name : The remote SuSE system is missing a security patch for libmysqlclient-devel
File : suse_11_0_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-07-28Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-159.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for libmysqlclient-devel
File : suse_11_0_libmysqlclient-devel-080919.nasl - Type : ACT_GATHER_INFO
2009-04-30Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1783.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-671-1.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-094.nasl - Type : ACT_GATHER_INFO
2009-01-12Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_66a770b4e00811dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-30Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_738f8f9ed66111dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-21Name : The remote SuSE system is missing the security patch libmysqlclient-devel-5619
File : suse_libmysqlclient-devel-5619.nasl - Type : ACT_GATHER_INFO
2008-12-01Name : The remote SuSE system is missing the security patch mysql-5613
File : suse_mysql-5613.nasl - Type : ACT_GATHER_INFO
2008-11-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-5618.nasl - Type : ACT_GATHER_INFO
2008-11-09Name : The remote database server is susceptible to a privilege bypass attack.
File : mysql_es_5_0_70.nasl - Type : ACT_GATHER_INFO
2008-11-06Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1662.nasl - Type : ACT_GATHER_INFO
2008-10-13Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4775c8078f3011dd821f001cc0377035.nasl - Type : ACT_GATHER_INFO
2008-09-11Name : The remote database server is affected by several issues.
File : mysql_5_0_67.nasl - Type : ACT_GATHER_INFO
2008-09-11Name : The remote database server is susceptible to a denial of service attack.
File : mysql_5_1_26.nasl - Type : ACT_GATHER_INFO
2008-09-11Name : The remote database server is susceptible to a denial of service attack.
File : mysql_6_0_6.nasl - Type : ACT_GATHER_INFO
2008-09-11Name : The remote database server is susceptible to a denial of service attack.
File : mysql_es_5_0_66.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:41:04
  • Multiple Updates