Executive Summary
Summary | |
---|---|
Title | mysql security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0442 | First vendor Publication | 2010-05-26 |
Vendor | RedHat | Last vendor Modification | 2010-05-26 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated mysql packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. A buffer overflow flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command (this command is sent when a client uses the MySQL mysql_list_fields() client library function). An authenticated database user could send a request with an excessively long table name to cause a temporary denial of service (mysqld crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-1850) A directory traversal flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. An authenticated database user could use this flaw to obtain descriptions of the fields of an arbitrary table using a request with a specially-crafted table name. (CVE-2010-1848) A flaw was discovered in the way MySQL handled symbolic links to tables created using the DATA DIRECTORY and INDEX DIRECTORY directives in CREATE TABLE statements. An attacker with CREATE and DROP table privileges, and shell access to the database server, could use this flaw to remove data and index files of tables created by other database users using the MyISAM storage engine. (CVE-2010-1626) All MySQL users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 553648 - CVE-2010-1626 mysql: table destruction via DATA/INDEX DIRECTORY directives using symlinks 592079 - CVE-2010-1848 mysql: multiple insufficient table name checks 592091 - CVE-2010-1850 mysql: COM_FIELD_LIST table name buffer overflow |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0442.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
25 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10258 | |||
Oval ID: | oval:org.mitre.oval:def:10258 | ||
Title: | Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. | ||
Description: | Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1848 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10846 | |||
Oval ID: | oval:org.mitre.oval:def:10846 | ||
Title: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Description: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1850 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11765 | |||
Oval ID: | oval:org.mitre.oval:def:11765 | ||
Title: | DSA-2057 mysql-dfsg-5.0 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2057 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12968 | |||
Oval ID: | oval:org.mitre.oval:def:12968 | ||
Title: | USN-950-1 -- mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities | ||
Description: | It was discovered that MySQL did not check privileges before uninstalling plugins. An authenticated user could uninstall arbitrary plugins, bypassing intended restrictions. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL could be made to delete another user�s data and index files. An authenticated user could use symlinks combined with the DROP TABLE command to possibly bypass privilege checks. It was discovered that MySQL incorrectly validated the table name argument of the COM_FIELD_LIST command. An authenticated user could use a specially- crafted table name to bypass privilege checks and possibly access other tables. Eric Day discovered that MySQL incorrectly handled certain network packets. A remote attacker could exploit this flaw and cause the server to consume all available resources, resulting in a denial of service. It was discovered that MySQL performed incorrect bounds checking on the table name argument of the COM_FIELD_LIST command. An authenticated user could use a specially-crafted table name to cause a denial of service or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-950-1 CVE-2010-1621 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | mysql-dfsg-5.0 mysql-dfsg-5.1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13286 | |||
Oval ID: | oval:org.mitre.oval:def:13286 | ||
Title: | DSA-2057-1 mysql-dfsg-5.0 -- several | ||
Description: | Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1626 MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. CVE-2010-1848 MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. CVE-2010-1849 MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. CVE-2010-1850 MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. For the stable distribution, these problems have been fixed in version 5.0.51a-24+lenny4 The testing and unstable distribution do not contain mysql-dfsg-5.0 anymore. We recommend that you upgrade your mysql-dfsg-5.0 package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2057-1 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22134 | |||
Oval ID: | oval:org.mitre.oval:def:22134 | ||
Title: | RHSA-2010:0442: mysql security update (Important) | ||
Description: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0442-01 CESA-2010:0442 CVE-2010-1626 CVE-2010-1848 CVE-2010-1850 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23130 | |||
Oval ID: | oval:org.mitre.oval:def:23130 | ||
Title: | ELSA-2010:0442: mysql security update (Important) | ||
Description: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0442-01 CVE-2010-1626 CVE-2010-1848 CVE-2010-1850 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28096 | |||
Oval ID: | oval:org.mitre.oval:def:28096 | ||
Title: | DEPRECATED: ELSA-2010-0442 -- mysql security update (important) | ||
Description: | [5.0.77-4.3] - Add fixes for CVE-2010-1626, CVE-2010-1848, CVE-2010-1850 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0442 CVE-2010-1626 CVE-2010-1848 CVE-2010-1850 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6693 | |||
Oval ID: | oval:org.mitre.oval:def:6693 | ||
Title: | Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability | ||
Description: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1850 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | MySQL Server 5.0 MySQL Server 5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7210 | |||
Oval ID: | oval:org.mitre.oval:def:7210 | ||
Title: | Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability | ||
Description: | Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1848 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | MySQL Server 5.0 MySQL Server 5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9490 | |||
Oval ID: | oval:org.mitre.oval:def:9490 | ||
Title: | MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | ||
Description: | MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1626 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : Ubuntu Update for mysql-5.1 USN-1397-1 File : nvt/gb_ubuntu_USN_1397_1.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-02 (MySQL) File : nvt/glsa_201201_02.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-09 | Name : CentOS Update for mysql CESA-2010:0442 centos5 i386 File : nvt/gb_CESA-2010_0442_mysql_centos5_i386.nasl |
2010-11-16 | Name : RedHat Update for mysql RHSA-2010:0824-01 File : nvt/gb_RHSA-2010_0824-01_mysql.nasl |
2010-11-16 | Name : CentOS Update for mysql CESA-2010:0824 centos4 i386 File : nvt/gb_CESA-2010_0824_mysql_centos4_i386.nasl |
2010-10-19 | Name : Fedora Update for mysql FEDORA-2010-15166 File : nvt/gb_fedora_2010_15166_mysql_fc13.nasl |
2010-08-06 | Name : Fedora Update for mysql FEDORA-2010-11126 File : nvt/gb_fedora_2010_11126_mysql_fc12.nasl |
2010-07-30 | Name : Fedora Update for mysql FEDORA-2010-11135 File : nvt/gb_fedora_2010_11135_mysql_fc13.nasl |
2010-06-11 | Name : Fedora Update for mysql FEDORA-2010-9016 File : nvt/gb_fedora_2010_9016_mysql_fc13.nasl |
2010-06-11 | Name : Fedora Update for mysql FEDORA-2010-9053 File : nvt/gb_fedora_2010_9053_mysql_fc12.nasl |
2010-06-11 | Name : Fedora Update for mysql FEDORA-2010-9061 File : nvt/gb_fedora_2010_9061_mysql_fc11.nasl |
2010-06-11 | Name : MySQL Multiple Vulnerabilities File : nvt/gb_mysql_mult_vuln.nasl |
2010-06-11 | Name : Ubuntu Update for MySQL vulnerabilities USN-950-1 File : nvt/gb_ubuntu_USN_950_1.nasl |
2010-06-10 | Name : Debian Security Advisory DSA 2057-1 (mysql-dfsg-5.0) File : nvt/deb_2057_1.nasl |
2010-05-28 | Name : Mandriva Update for mysql MDVSA-2010:101 (mysql) File : nvt/gb_mandriva_MDVSA_2010_101.nasl |
2010-05-28 | Name : Mandriva Update for mysql MDVSA-2010:107 (mysql) File : nvt/gb_mandriva_MDVSA_2010_107.nasl |
2010-05-28 | Name : RedHat Update for mysql RHSA-2010:0442-01 File : nvt/gb_RHSA-2010_0442-01_mysql.nasl |
2010-05-27 | Name : MySQL < 5.1.47 Multiple Vulnerabilities File : nvt/gb_mysql_5_1_47.nasl |
2010-05-19 | Name : Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability File : nvt/gb_mysql_40106.nasl |
2010-03-22 | Name : Mandriva Update for timezone MDVA-2010:101 (timezone) File : nvt/gb_mandriva_MDVA_2010_101.nasl |
2010-03-22 | Name : Mandriva Update for pulseaudio MDVA-2010:107 (pulseaudio) File : nvt/gb_mandriva_MDVA_2010_107.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64843 | MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion |
64587 | MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow |
64586 | MySQL COM_FIELD_LIST Command Packet Authentication Bypass |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Database COM_FIELD_LIST Buffer Overflow attempt RuleID : 16703 - Revision : 10 - Type : SERVER-MYSQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_mysql_20130924.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0442.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0824.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101103_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100526_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO |
2012-01-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-100930.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2010-11-09 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12661.nasl - Type : ACT_GATHER_INFO |
2010-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-7172.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libmysqlclient-devel-101006.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmysqlclient-devel-100930.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9053.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9061.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9016.nasl - Type : ACT_GATHER_INFO |
2010-06-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-950-1.nasl - Type : ACT_GATHER_INFO |
2010-06-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2057.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0442.nasl - Type : ACT_GATHER_INFO |
2010-05-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0442.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-107.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_47.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-101.nasl - Type : ACT_GATHER_INFO |
2010-05-12 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_46.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:32 |
|