Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23063
HistoryJan 19, 2010 - 12:00 a.m.

[ MDVSA-2010:012 ] mysql

2010-01-1900:00:00
vulners.com
36
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2010:012
http://www.mandriva.com/security/

Package : mysql
Date : January 17, 2010
Affected: 2009.1, 2010.0

Problem Description:

Multiple vulnerabilities has been found and corrected in mysql:

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does
not (1) properly handle errors during execution of certain SELECT
statements with subqueries, and does not (2) preserve certain
null_value flags during execution of statements that use the
GeomFromWKB function, which allows remote authenticated users to
cause a denial of service (daemon crash) via a crafted statement
(CVE-2009-4019).

The vio_verify_callback function in viosslfactories.c in MySQL
5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used,
accepts a value of zero for the depth of X.509 certificates, which
allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL
servers via a crafted certificate, as demonstrated by a certificate
presented by a server linked against the yaSSL library (CVE-2009-4028).

MySQL 5.1.x before 5.1.41 allows local users to bypass certain
privilege checks by calling CREATE TABLE on a MyISAM table with
modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments
that are originally associated with pathnames without symlinks,
and that can point to tables created at a future time at which a
pathname is modified to contain a symlink to a subdirectory of the
MySQL data home directory, related to incorrect calculation of the
mysql_unpacked_real_data_home value. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079
(CVE-2009-4030).

The updated packages have been patched to correct these
issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded
to the latest stable 5.1 release (5.1.42).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4030
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-35.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-37.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-38.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-39.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-40.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-42.html

Updated Packages:

Mandriva Linux 2009.1:
2052354eb2f57325cc5a351aa8e7fa17 2009.1/i586/libmysql16-5.1.42-0.1mdv2009.1.i586.rpm
f8b86535e2b9304340b95fc6b5e5ed53 2009.1/i586/libmysql-devel-5.1.42-0.1mdv2009.1.i586.rpm
0b2b4f3359a6b44614daf30e921faebf 2009.1/i586/libmysql-static-devel-5.1.42-0.1mdv2009.1.i586.rpm
0a007a4249e801fcf6ba7112c79e125b 2009.1/i586/mysql-5.1.42-0.1mdv2009.1.i586.rpm
87664cc60c044a8415d54d4e1169556c 2009.1/i586/mysql-bench-5.1.42-0.1mdv2009.1.i586.rpm
ec0a34be2a2abd3890e3b6163099231b 2009.1/i586/mysql-client-5.1.42-0.1mdv2009.1.i586.rpm
5f1526147c19c5dac3d5e926e75e6108 2009.1/i586/mysql-common-5.1.42-0.1mdv2009.1.i586.rpm
53894c10ef4d4e1384d55bf6d957d03b 2009.1/i586/mysql-doc-5.1.42-0.1mdv2009.1.i586.rpm
af10d4d0e4efb516dc8228df3b6e0b04 2009.1/i586/mysql-max-5.1.42-0.1mdv2009.1.i586.rpm
a950628d61d6941c5334040527b187b3 2009.1/i586/mysql-ndb-extra-5.1.42-0.1mdv2009.1.i586.rpm
5ef3d1368951afda87ce339ac3f40702 2009.1/i586/mysql-ndb-management-5.1.42-0.1mdv2009.1.i586.rpm
939043e470320d048c61ba731e58eedb 2009.1/i586/mysql-ndb-storage-5.1.42-0.1mdv2009.1.i586.rpm
b575199f57235a93ab35f1d21b09106b 2009.1/i586/mysql-ndb-tools-5.1.42-0.1mdv2009.1.i586.rpm
7da4fea0d689631b6dc395cd5e80607e 2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
83694bc1ab6c44f9ad081a385db8e137 2009.1/x86_64/lib64mysql16-5.1.42-0.1mdv2009.1.x86_64.rpm
efeb723e6c2f03878d3c7a98c70b08fc 2009.1/x86_64/lib64mysql-devel-5.1.42-0.1mdv2009.1.x86_64.rpm
36dd02fdbc2fbb752cee1d5dd80b2687 2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2009.1.x86_64.rpm
6d0f276c904e851e94e21fd33064bf84 2009.1/x86_64/mysql-5.1.42-0.1mdv2009.1.x86_64.rpm
783bb174310ca9f2d713f83cf6d1ef88 2009.1/x86_64/mysql-bench-5.1.42-0.1mdv2009.1.x86_64.rpm
4e63f4cc681ea7647a4a6d741b272a5b 2009.1/x86_64/mysql-client-5.1.42-0.1mdv2009.1.x86_64.rpm
0387ea642a706affc7ea43996786995b 2009.1/x86_64/mysql-common-5.1.42-0.1mdv2009.1.x86_64.rpm
57a3b2e0d7f89cf6c529317f96aa175d 2009.1/x86_64/mysql-doc-5.1.42-0.1mdv2009.1.x86_64.rpm
754919090d5355395a2f36025b0a6370 2009.1/x86_64/mysql-max-5.1.42-0.1mdv2009.1.x86_64.rpm
f7b6cff4ab3d2679107c8b5a1f0d1209 2009.1/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2009.1.x86_64.rpm
526aec7bd783d54a9ba354098f88cb53 2009.1/x86_64/mysql-ndb-management-5.1.42-0.1mdv2009.1.x86_64.rpm
5c21900db14347e6e04979e9edeafc7c 2009.1/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2009.1.x86_64.rpm
3011a3d4a3a83b563933909446c4e5a2 2009.1/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2009.1.x86_64.rpm
7da4fea0d689631b6dc395cd5e80607e 2009.1/SRPMS/mysql-5.1.42-0.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
d8b966d905db88c7a5f78b350b2d197b 2010.0/i586/libmysql16-5.1.42-0.1mdv2010.0.i586.rpm
97890a292a3ad4bfbb9a12bbf4526b65 2010.0/i586/libmysql-devel-5.1.42-0.1mdv2010.0.i586.rpm
abdfe57c2b25ff668b9f972efa4bec28 2010.0/i586/libmysql-static-devel-5.1.42-0.1mdv2010.0.i586.rpm
de115ca3e80cb4a54970590eae0caf74 2010.0/i586/mysql-5.1.42-0.1mdv2010.0.i586.rpm
b1af15f0e00bd2824092dac21d28a59d 2010.0/i586/mysql-bench-5.1.42-0.1mdv2010.0.i586.rpm
67beec0620551eb817d09e4dd2ed32a6 2010.0/i586/mysql-client-5.1.42-0.1mdv2010.0.i586.rpm
e7979f8b6015a750d09593478cfcccc2 2010.0/i586/mysql-common-5.1.42-0.1mdv2010.0.i586.rpm
1e403dda77399cac91522b99c5a77a94 2010.0/i586/mysql-common-core-5.1.42-0.1mdv2010.0.i586.rpm
c06bcd5a5c0acb43f270f5d7ace9d417 2010.0/i586/mysql-core-5.1.42-0.1mdv2010.0.i586.rpm
155d7edf8bf7760c644733671d04dda2 2010.0/i586/mysql-doc-5.1.42-0.1mdv2010.0.i586.rpm
8a7c42ba34efd2f8f1c74491f30bac7c 2010.0/i586/mysql-max-5.1.42-0.1mdv2010.0.i586.rpm
1d1eb124a30062c8229eacee947fab6b 2010.0/i586/mysql-ndb-extra-5.1.42-0.1mdv2010.0.i586.rpm
e6133a08e26f7983f9cb9b7b67b75ca9 2010.0/i586/mysql-ndb-management-5.1.42-0.1mdv2010.0.i586.rpm
9372040b6d57968315f459a688a7fdab 2010.0/i586/mysql-ndb-storage-5.1.42-0.1mdv2010.0.i586.rpm
a74218625b766d72ae38c2c1476cf3e6 2010.0/i586/mysql-ndb-tools-5.1.42-0.1mdv2010.0.i586.rpm
ca60b4ffe2c95cb2db29a1a1e2523924 2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
2930d2e7a334341d082bdec1c2ad261f 2010.0/x86_64/lib64mysql16-5.1.42-0.1mdv2010.0.x86_64.rpm
8ca967411d87705edcced52cc8281744 2010.0/x86_64/lib64mysql-devel-5.1.42-0.1mdv2010.0.x86_64.rpm
71af52b4b8cd37ec37141fe56b0bea1c 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.1mdv2010.0.x86_64.rpm
f8ff5f7cdd6054da4c81e3a741d9fb22 2010.0/x86_64/mysql-5.1.42-0.1mdv2010.0.x86_64.rpm
2b7d818a2edd120aba01e525fc51e647 2010.0/x86_64/mysql-bench-5.1.42-0.1mdv2010.0.x86_64.rpm
4896e7cfb9818e740de6586d6de18e8f 2010.0/x86_64/mysql-client-5.1.42-0.1mdv2010.0.x86_64.rpm
7904e902d0dd12a611fef6d4fe74d188 2010.0/x86_64/mysql-common-5.1.42-0.1mdv2010.0.x86_64.rpm
4ad977d5b0a3d8bd29d482f35ee41516 2010.0/x86_64/mysql-common-core-5.1.42-0.1mdv2010.0.x86_64.rpm
72ae82e587c92165a72467e30560b42f 2010.0/x86_64/mysql-core-5.1.42-0.1mdv2010.0.x86_64.rpm
7585cdb1a7065c522d3d71c91c13071f 2010.0/x86_64/mysql-doc-5.1.42-0.1mdv2010.0.x86_64.rpm
50936bad8898af9a9ecbab9f51a884c5 2010.0/x86_64/mysql-max-5.1.42-0.1mdv2010.0.x86_64.rpm
2ef542022c6437fa4df25e7b46c804dd 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.1mdv2010.0.x86_64.rpm
b20519b0f4fb8ca438c8105a1305b45d 2010.0/x86_64/mysql-ndb-management-5.1.42-0.1mdv2010.0.x86_64.rpm
32d5eb57ba08af5420e44777ea2bbd98 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.1mdv2010.0.x86_64.rpm
607848d02f7cffdf3169c7dbce65e75f 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.1mdv2010.0.x86_64.rpm
ca60b4ffe2c95cb2db29a1a1e2523924 2010.0/SRPMS/mysql-5.1.42-0.1mdv2010.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLU3VUmqjQ0CJFipgRAmhhAJ91sCoRByeEVFdzAULLmfs0t6vOsACaArA+
fPZMuPMkwgub9aN1Xva9v1Q=
=2/XR
-----END PGP SIGNATURE-----

Related

nessus 58
openvas 70
cve 8
prion 8
ubuntucve 8
centos 3
redhat 4
oraclelinux 3
securityvulns 5
fedora 7
freebsd 2
osv 3
debian 5
ubuntu 2
seebug 6
veracode 6
gentoo 1
nessus
nessus
Scientific Linux Security Update : mysql on SL5.x i386/x86_64
2012-08-01 00:00:00
Mandriva Linux Security Advisory : mysql (MDVSA-2010:011)
2010-01-18 00:00:00
Oracle Linux 5 : mysql (ELSA-2010-0109)
2013-07-12 00:00:00
openvas
openvas
CentOS Update for mysql CESA-2010:0109 centos5 i386
2011-08-09 00:00:00
Mandriva Update for mysql MDVSA-2010:012 (mysql)
2010-01-19 00:00:00
RedHat Update for mysql RHSA-2010:0109-01
2010-02-19 00:00:00
cve
cve
CVE-2009-4030
2009-11-30 17:30:00
CVE-2008-2079
2008-05-05 16:20:00
CVE-2009-4028
2009-11-30 17:30:00
prion
prion
Privilege escalation
2009-11-30 17:30:00
Privilege escalation
2008-05-05 16:20:00
Code injection
2009-11-30 17:30:00
ubuntucve
ubuntucve
CVE-2009-4030
2009-11-30 00:00:00
CVE-2008-2079
2008-05-05 00:00:00
CVE-2009-4028
2009-11-30 00:00:00
centos
centos
mysql security update
2010-03-01 18:43:17
mysql security update
2010-02-17 16:42:25
mysql security update
2013-01-09 20:34:31
redhat
redhat
(RHSA-2010:0109) Moderate: mysql security update
2010-02-16 00:00:00
(RHSA-2010:0110) Moderate: mysql security update
2010-02-16 00:00:00
(RHSA-2008:0510) Moderate: Red Hat Application Stack v1.3 security and enhancement update
2008-07-02 00:00:00
oraclelinux
oraclelinux
mysql security update
2010-02-16 00:00:00
mysql security update
2010-02-16 00:00:00
mysql security and bug fix update
2013-01-11 00:00:00
securityvulns
securityvulns
MySQL multiple security vulnerabilities
2010-01-19 00:00:00
MySQL privilege escalation
2008-11-10 00:00:00
[SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass
2008-11-10 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: mysql-5.1.41-2.fc12
2009-12-22 04:48:21
[SECURITY] Fedora 11 Update: mysql-5.1.41-2.fc11
2009-12-22 04:54:08
[SECURITY] Fedora 11 Update: mysql-5.1.42-7.fc11
2010-02-02 01:06:45
freebsd
freebsd
mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
2008-07-03 00:00:00
mysql -- MyISAM table privileges security bypass vulnerability
2008-05-05 00:00:00
osv
osv
mysql-dfsg-5.0 - several vulnerabilities
2010-02-14 00:00:00
mysql-dfsg-5.0 - authorization bypass
2008-07-13 00:00:00
mysql-dfsg-5.0 - authorization bypass
2008-11-06 00:00:00
debian
debian
[SECURITY] [DSA-1997-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
2010-02-14 12:28:59
[SECURITY] [DSA-1997-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
2010-02-14 12:28:59
[SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass
2008-07-13 04:55:16
ubuntu
ubuntu
MySQL vulnerabilities
2010-02-10 00:00:00
MySQL vulnerabilities
2008-11-17 00:00:00
seebug
seebug
MySQL vulnerabilities
2010-02-13 00:00:00
MySQL MyISAM表符号链接本地权限提升漏洞
2009-12-02 00:00:00
MySQL MyISAM表绕过权限检查漏洞
2008-05-12 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:22:36
Spoofing Attack
2020-04-10 00:43:12
Privilege Escalation
2020-04-10 00:43:13
gentoo
gentoo
MySQL: Privilege bypass
2008-09-04 00:00:00
JSON
Related for SECURITYVULNS:DOC:23063
nessus58openvas70cve8prion8ubuntucve8centos3redhat4oraclelinux3securityvulns5fedora7freebsd2osv3debian5ubuntu2seebug6veracode6gentoo1