Add backported patch for CVE-2010-2008

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- local users could delete data files for tables of other     users (CVE-2010-1626).

  - authenticated users could gather information for tables     they should not have access to (CVE-2010-1849)

  - authenticated users could crash mysqld (CVE-2010-1848)

  - authenticated users could potentially execute arbitrary     code as the user running mysqld (CVE-2010-1850)

  - authenticated users could crash mysqld (CVE-2010-3676,     CVE-2010-3677, CVE-2010-3678, CVE-2010-3679,     CVE-2010-3680, CVE-2010-3681, CVE-2010-3682,     CVE-2010-3683, CVE-2010-2008)

  - a race condition in /etc/init.d/mysql allowed local     users to make any file readable via symlink in /var/tmp     (CVE-2010-3675)

The version of MySQL Community Server installed on the remote host is earlier than 5.1.48 and thus potentially affected by a denial of service vulnerability.

The 'ALTER DATABASE' command can be misused by a user with 'ALTER' permissions to cause the MySQL data directory to become unusable.

- Update to MySQL 5.1.48, for various fixes described at     http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html     including a fix for CVE-2010-2008 Related: #614214 -     Duplicate COPYING and EXCEPTIONS-CLIENT in -libs and
    -embedded subpackages, to ensure they are available when     any subset of mysql RPMs are installed, per revised     packaging guidelines - Allow init script's     STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig     Related: #609734

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information :

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.ht ml.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities has been found and corrected in mysql :

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory (CVE-2010-2008).

Additionally many security issues noted in the 5.1.49 release notes has been addressed with this advisory as well, such as :

  - LOAD DATA INFILE did not check for SQL errors and sent     an OK packet even when errors were already reported.
    Also, an assert related to client-server protocol     checking in debug servers sometimes was raised when it     should not have been. (Bug#52512) (CVE-2010-3683)

  - Using EXPLAIN with queries of the form SELECT ... UNION     ... ORDER BY (SELECT ... WHERE ...) could cause a server     crash. (Bug#52711) (CVE-2010-3682)

  - The server could crash if there were alternate reads     from two indexes on a table using the HANDLER interface.
    (Bug#54007) (CVE-2010-3681)

  - A malformed argument to the BINLOG statement could     result in Valgrind warnings or a server crash.
    (Bug#54393) (CVE-2010-3679)

  - Incorrect handling of NULL arguments could lead to a     crash for IN() or CASE operations when NULL arguments     were either passed explicitly as arguments (for IN()) or     implicitly generated by the WITH ROLLUP modifier (for     IN() and CASE). (Bug#54477) (CVE-2010-3678)

  - Joins involving a table with with a unique SET column     could cause a server crash. (Bug#54575) (CVE-2010-3677)

  - Use of TEMPORARY InnoDB tables with nullable columns     could cause a server crash. (Bug#54044) (CVE-2010-3680)

The updated packages have been patched to correct these issues.

Update :

Packages for 2009.1 was not provided with the MDVSA-2010:155 advisory.
This advisory provides the missing packages.

It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)

It was discovered that MySQL incorrectly handled joins involving a table with a unique SET column. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2010-3677)

It was discovered that MySQL incorrectly handled NULL arguments to IN() or CASE operations. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3678)

It was discovered that MySQL incorrectly handled malformed arguments to the BINLOG statement. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3679)

It was discovered that MySQL incorrectly handled the use of TEMPORARY InnoDB tables with nullable columns. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2010-3680)

It was discovered that MySQL incorrectly handled alternate reads from two indexes on a table using the HANDLER interface. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3681)

It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3682)

It was discovered that MySQL incorrectly handled error reporting when using LOAD DATA INFILE and would incorrectly raise an assert in certain circumstances. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3683)

It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3833)

It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3834)

It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3835)

It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could exploit this to make MySQL crash, causing a denial of service.
(CVE-2010-3836)

It was discovered that MySQL incorrectly handled using GROUP_CONCAT() and WITH ROLLUP together. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3837)

It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST() or LEAST() functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3838)

It was discovered that MySQL incorrectly handled queries with nested joins when used from stored procedures and prepared statements. An authenticated user could exploit this to make MySQL hang, causing a denial of service. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2010-3839)

It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB() function. An authenticated user could exploit this to make MySQL crash, causing a denial of service.
(CVE-2010-3840).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201201-02 (MySQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MySQL. Please review       the CVE identifiers referenced below for details.
  Impact :

    An unauthenticated remote attacker may be able to execute arbitrary code       with the privileges of the MySQL process, cause a Denial of Service       condition, bypass security restrictions, uninstall arbitrary MySQL       plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks.
  Workaround :

    There is no known workaround at this time.

Versions of MySQL Community Server 5.1 earlier than 5.1.48 are potentially affected by a denial-of-service vulnerability.  The 'ALTER DATABASE' command can be misused by a user with 'ALTER' privileges to cause the MySQL data directory to become unusable.

ID	Name	Product	Family	Published	Updated	Severity
48226	Fedora 12 : mysql-5.1.47-2.fc12 (2010-11126)	Nessus	Fedora Local Security Checks	8/3/2010	1/11/2021	low
50016	openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1)	Nessus	SuSE Local Security Checks	10/18/2010	1/14/2021	medium
47158	MySQL Community Server < 5.1.48 Denial of Service	Nessus	Databases	6/29/2010	11/15/2018	low
47840	Fedora 13 : mysql-5.1.48-2.fc13 (2010-11135)	Nessus	Fedora Local Security Checks	7/27/2010	1/11/2021	low
58325	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)	Nessus	Ubuntu Local Security Checks	3/13/2012	9/19/2019	high
48399	Mandriva Linux Security Advisory : mysql (MDVSA-2010:155-1)	Nessus	Mandriva Local Security Checks	8/23/2010	1/6/2021	medium
50573	Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1017-1)	Nessus	Ubuntu Local Security Checks	11/12/2010	9/19/2019	medium
57446	GLSA-201201-02 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	1/6/2012	1/6/2021	high
5588	MySQL Community Server 5.1 < 5.1.48 Denial of Service Vulnerability	Nessus Network Monitor	Database	6/29/2010	3/6/2019	medium
801120	MySQL Community Server 5.1 < 5.1.48 Denial of Service Vulnerability	Log Correlation Engine	Database	6/29/2010		high

Detections

Analytics

Plugins Search

low

medium

low

low

high

medium

medium

high

medium

high