Mandrake Linux Security Advisory : MySQL (MDKSA-2006:158)

Nessus Plugin ID 23902 (severity: low)

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. (CVE-2006-4380)

There is a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This impacted the restart behavior during updates, as well as scripted setups that temporarily stopped the server to back up the database files. (Bug #15724)

The Corporate 3 and MNF2 products are not affected by these issues.

Packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Low

ID: 23902

File Name: mandrake_MDKSA-2006-158.nasl

Version: 1.17

Type: local

Published: 12/16/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mysql, p-cpe:/a:mandriva:linux:mysql-max, p-cpe:/a:mandriva:linux:mysql-ndb, p-cpe:/a:mandriva:linux:mysql-bench, p-cpe:/a:mandriva:linux:mysql-client, p-cpe:/a:mandriva:linux:mysql-common, p-cpe:/a:mandriva:linux:lib64mysql14, p-cpe:/a:mandriva:linux:lib64mysql14-devel, p-cpe:/a:mandriva:linux:libmysql14, p-cpe:/a:mandriva:linux:libmysql14-devel, cpe:/o:mandriva:linux:2006

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 8/31/2006

Reference Information

CVE: CVE-2006-4380

MDKSA: 2006:158