Auditorías de Seguridad de Red / Evaluación de vulnerabilidades de SecuritySpace

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                       MDVSA-2010:155-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mysql
Date    : November 8, 2010
Affected: 2009.1
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in mysql:

MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash
and database loss) via an ALTER DATABASE command with a #mysql50#
string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
causes MySQL to move certain directories to the server data directory
(CVE-2010-2008).

Additionally many security issues noted in the 5.1.49 release notes
has been addressed with this advisory as well, such as:

* LOAD DATA INFILE did not check for SQL errors and sent an OK packet
even when errors were already reported. Also, an assert related to
client-server protocol checking in debug servers sometimes was raised
when it should not have been. (Bug#52512) (CVE-2010-3683)

* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER
BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711)
(CVE-2010-3682)

* The server could crash if there were alternate reads from two indexes
on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)

* A malformed argument to the BINLOG statement could result in Valgrind
warnings or a server crash. (Bug#54393) (CVE-2010-3679)

* Incorrect handling of NULL arguments could lead to a crash for IN()
or CASE operations when NULL arguments were either passed explicitly
as arguments (for IN()) or implicitly generated by the WITH ROLLUP
modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)

* Joins involving a table with with a unique SET column could cause
a server crash. (Bug#54575) (CVE-2010-3677)

* Use of TEMPORARY  InnoDB tables with nullable columns could cause
a server crash. (Bug#54044) (CVE-2010-3680)

The updated packages have been patched to correct these issues.

Update:

Packages for 2009.1 was not provided with the MDVSA-2010:155
advisory. This advisory provides the missing packages.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
http://bugs.mysql.com/bug.php?id=52512
http://bugs.mysql.com/bug.php?id=52711
http://bugs.mysql.com/bug.php?id=54007
http://bugs.mysql.com/bug.php?id=54393
http://bugs.mysql.com/bug.php?id=54477
http://bugs.mysql.com/bug.php?id=54575
http://bugs.mysql.com/bug.php?id=54044
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.1:
adfd92c6e4de06c22f7066b3880c7256  2009.1/i586/libmysql16-5.1.42-0.6mdv2009.1.i586.rpm
5961a072e203925f3e85895e71c6d114  2009.1/i586/libmysql-devel-5.1.42-0.6mdv2009.1.i586.rpm
87b2fb4508b2574b9610549cffe5d641  2009.1/i586/libmysql-static-devel-5.1.42-0.6mdv2009.1.i586.rpm
0bb6bc8032660f9441595a897e5e37c2  2009.1/i586/mysql-5.1.42-0.6mdv2009.1.i586.rpm
aa383ed18610327d12846a66d6d8b5bd  2009.1/i586/mysql-bench-5.1.42-0.6mdv2009.1.i586.rpm
5abcaf797500228df411a10e9c1dd5a0  2009.1/i586/mysql-client-5.1.42-0.6mdv2009.1.i586.rpm
883b4e34ece270efb56c2eaa60a3a5f0  2009.1/i586/mysql-common-5.1.42-0.6mdv2009.1.i586.rpm
9fb48d28f8df4cb00aea4362837d2c3f  2009.1/i586/mysql-doc-5.1.42-0.6mdv2009.1.i586.rpm
67c086070030addfd770cc4d4c3db6bf  2009.1/i586/mysql-max-5.1.42-0.6mdv2009.1.i586.rpm
51e5a59f9aca3d05bbfb9a036f90ea54  2009.1/i586/mysql-ndb-extra-5.1.42-0.6mdv2009.1.i586.rpm
d3da22f20148d43a625f3715f1d02be7  2009.1/i586/mysql-ndb-management-5.1.42-0.6mdv2009.1.i586.rpm
a1d895e569730d42bed74d2b3b54ee0e  2009.1/i586/mysql-ndb-storage-5.1.42-0.6mdv2009.1.i586.rpm
9db83e6bd1b332ed2bcfa55c3d1cbf11  2009.1/i586/mysql-ndb-tools-5.1.42-0.6mdv2009.1.i586.rpm
39c0f1c0030455d78aa1f6c240e78f42  2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
81c56209ceffc1c4a8718beed142e0bd  2009.1/x86_64/lib64mysql16-5.1.42-0.6mdv2009.1.x86_64.rpm
fca597b87c3f7d5d5ca40f6c24afe2c3  2009.1/x86_64/lib64mysql-devel-5.1.42-0.6mdv2009.1.x86_64.rpm
8287471cd70b341806f7e72a16222e68  2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.6mdv2009.1.x86_64.rpm
5f4a264351859a08b259178c7fb6709e  2009.1/x86_64/mysql-5.1.42-0.6mdv2009.1.x86_64.rpm
d5fd6ed95e52ffa75055b2e23ea880e1  2009.1/x86_64/mysql-bench-5.1.42-0.6mdv2009.1.x86_64.rpm
2621cfecdf4b53bfe363d99a9225ca31  2009.1/x86_64/mysql-client-5.1.42-0.6mdv2009.1.x86_64.rpm
1960228ef94d993486ab73a58323cc3e  2009.1/x86_64/mysql-common-5.1.42-0.6mdv2009.1.x86_64.rpm
dd4821845d060dd6dac38217cc8cac66  2009.1/x86_64/mysql-doc-5.1.42-0.6mdv2009.1.x86_64.rpm
65432b5801c2ac0b4f2c536a816bc06d  2009.1/x86_64/mysql-max-5.1.42-0.6mdv2009.1.x86_64.rpm
3cf458db3d034e5998bccb70c006b71a  2009.1/x86_64/mysql-ndb-extra-5.1.42-0.6mdv2009.1.x86_64.rpm
dea28a0be7cfcd99d942ce22f7999308  2009.1/x86_64/mysql-ndb-management-5.1.42-0.6mdv2009.1.x86_64.rpm
45329f869ffee6b497ad73da0a81019f  2009.1/x86_64/mysql-ndb-storage-5.1.42-0.6mdv2009.1.x86_64.rpm
72e2f6029c889723d0f003ffdbf007d1  2009.1/x86_64/mysql-ndb-tools-5.1.42-0.6mdv2009.1.x86_64.rpm
39c0f1c0030455d78aa1f6c240e78f42  2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.  You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM2AekmqjQ0CJFipgRAqwGAJ0dZsRuXRZ1OfiVCwbWUNj3i3zo4ACgwnsn
aN2rtXXq0VzlsNd0DLVdRvw=
=/o8P
-----END PGP SIGNATURE-----