Vulnerabilities > CVE-2010-3676
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
Vulnerable Configurations
Exploit-Db
description | Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability. CVE-2010-3676 . Dos exploit for linux platform |
id | EDB-ID:34522 |
last seen | 2016-02-03 |
modified | 2010-07-09 |
published | 2010-07-09 |
reporter | Elena Stepanova |
source | https://www.exploit-db.com/download/34522/ |
title | Oracle MySQL < 5.1.49 - 'DDL' Statements Denial Of Service Vulnerability |
Nessus
NASL family | Databases |
NASL id | MYSQL_5_1_49.NASL |
description | The version of MySQL Community Server installed on the remote host is earlier than 5.1.49 and thus potentially affected by multiple vulnerabilities: - DDL statements could cause the server to crash. (55039) - Joins involving a table with a unique SET column could cause the server to crash. (54575) - Incorrect handling of NULL arguments for IN or CASE operations involving the WITH ROLLUP modifier could cause the server to crash. (54477) - A malformed argument to the BINLOG statement could cause the server to crash. (54393) - Using TEMPORARY InnoDB tables with nullable columns could cause the server to crash. (54044) - Alternate reads with two indexes on a table using the HANDLER interface could cause the server to crash. (54007) - Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause the server to crash. (52711) - LOAD DATA INFILE did not check for SQL errors sent and even if errors were already reported, it sent an OK packet. Also, an assert was sometimes raised when it should not have been relating to client-server protocol checking in debug servers. (52512) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 48759 |
published | 2010-08-26 |
reporter | This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/48759 |
title | MySQL Community Server < 5.1.49 Multiple Vulnerabilities |
code |

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(48759);
  script_version("1.12");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id(
    "CVE-2010-3676",
    "CVE-2010-3677",
    "CVE-2010-3678",
    "CVE-2010-3679",
    "CVE-2010-3680",
    "CVE-2010-3681",
    "CVE-2010-3682",
    "CVE-2010-3683"
  );
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646);
  script_xref(name:"Secunia", value:"41048");

  script_name(english:"MySQL Community Server < 5.1.49 Multiple Vulnerabilities");
  script_summary(english:"Checks version of MySQL 5.1 Server");

  script_set_attribute(attribute:"synopsis", value:"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL Community Server installed on the remote host is
earlier than 5.1.49 and thus potentially affected by multiple
vulnerabilities:

  - DDL statements could cause the server to crash. (55039)

  - Joins involving a table with a unique SET column could
    cause the server to crash. (54575)

  - Incorrect handling of NULL arguments for IN or CASE
    operations involving the WITH ROLLUP modifier could
    cause the server to crash. (54477)

  - A malformed argument to the BINLOG statement could
    cause the server to crash. (54393)

  - Using TEMPORARY InnoDB tables with nullable columns
    could cause the server to crash. (54044)

  - Alternate reads with two indexes on a table using the
    HANDLER interface could cause the server to crash.
    (54007)

  - Using EXPLAIN with queries of the form SELECT ... UNION
    ... ORDER BY (SELECT ... WHERE ...) could cause the
    server to crash. (52711)

  - LOAD DATA INFILE did not check for SQL errors sent and
    even if errors were already reported, it sent an OK
    packet. Also, an assert was sometimes raised when it
    should not have been relating to client-server protocol
    checking in debug servers. (52512)");

  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=55039");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=55475");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54477");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54393");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54044");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54007");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=52711");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=52512");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to MySQL Community Server 5.1.49 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/26");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("mysql_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_service(svc:"mysql", default:3306, exit_on_fail:TRUE);

vuln = FALSE;
if (mysql_init(port:port, exit_on_fail:TRUE) == 1)
{
  variant = mysql_get_variant();
  version = mysql_get_version();
  ver_fields = split(version, sep:'.', keep:FALSE);
  major = int(ver_fields[0]);
  minor = int(ver_fields[1]);
  rev = int(ver_fields[2]);

  if (
    !isnull(variant) && "Community" >< variant &&
    strlen(version) &&
    major == 5 && minor == 1 && rev < 49
  ) vuln = TRUE;
}
else exit(1, "Can't establish a MySQL connection on port "+port+".");
mysql_close();

if (vuln)
{
  if (report_verbosity > 0)
  {
    report =
      '\n Installed version : ' + version +
      '\n Fixed version : 5.1.49\n';
    datadir = get_kb_item('mysql/' + port + '/datadir');
    if (!empty_or_null(datadir))
    {
      report += ' Data Dir : ' + datadir + '\n';
    }
    databases = get_kb_item('mysql/' + port + '/databases');
    if (!empty_or_null(databases))
    {
      report += ' Databases :\n' + databases;
    }
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else
{
  if (isnull(variant)) exit(1, "Can't determine the variant of MySQL listening on port "+port+".");
  else if ("Community" >< variant) exit(0, "MySQL version "+version+" is listening on port "+port+" and is not affected.");
  else exit(0, "MySQL "+variant+" is listening on port "+port+" and is not affected.");
}

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-15147.NASL |
description | Update to mysql 5.1.50, for numerous bug fixes including some low-grade security issues. See upstream release notes at : - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 49726 |
published | 2010-10-06 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/49726 |
title | Fedora 14 : mysql-5.1.50-2.fc14 (2010-15147) |
code |

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-15147.
#

include("compat.inc");

if (description)
{
  script_id(49726);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:31");

  script_cve_id("CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683");
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646, 43677);
  script_xref(name:"FEDORA", value:"2010-15147");

  script_name(english:"Fedora 14 : mysql-5.1.50-2.fc14 (2010-15147)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Update to mysql 5.1.50, for numerous bug fixes including some
low-grade security issues. See upstream release notes at :

  - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html

  - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
  );
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628062"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628172"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628192"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628328"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628660"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628698"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/048881.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?52e2458d"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected mysql package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC14", reference:"mysql-5.1.50-2.fc14")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql");
}

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2011-012.NASL |
description | Multiple vulnerabilities have been found and corrected in mysql : storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement (CVE-2010-3676). MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column (CVE-2010-3677). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier (CVE-2010-3678). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind (CVE-2010-3679). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables while using InnoDB, which triggers an assertion failure (CVE-2010-3680). MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing alternate reads from two indexes on a table, which triggers an assertion failure (CVE-2010-3681). MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 51804 |
published | 2011-01-28 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/51804 |
title | Mandriva Linux Security Advisory : mysql (MDVSA-2011:012) |
code |

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2011:012.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(51804);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:53");

  script_cve_id("CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683");
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646);
  script_xref(name:"MDVSA", value:"2011:012");

  script_name(english:"Mandriva Linux Security Advisory : mysql (MDVSA-2011:012)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple vulnerabilities have been found and corrected in mysql :

storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49
allows remote authenticated users to cause a denial of service
(assertion failure) by modifying the (1) innodb_file_format or (2)
innodb_file_per_table configuration parameters for the InnoDB storage
engine, then executing a DDL statement (CVE-2010-3676).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
via a join query that uses a table with a unique SET column
(CVE-2010-3677).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (crash) via (1) IN or (2) CASE operations with NULL
arguments that are explicitly specified or indirectly provided by the
WITH ROLLUP modifier (CVE-2010-3678).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (mysqld daemon crash) via certain arguments to the
BINLOG command, which triggers an access of uninitialized memory, as
demonstrated by valgrind (CVE-2010-3679).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (mysqld daemon crash) by creating temporary tables
while using InnoDB, which triggers an assertion failure
(CVE-2010-3680).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
by using the HANDLER interface and performing alternate reads from two
indexes on a table, which triggers an assertion failure
(CVE-2010-3681).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
by using EXPLAIN with crafted 'SELECT ... UNION ... ORDER BY \(SELECT
... WHERE ...\)' statements, which triggers a NULL pointer dereference
in the Item_singlerow_subselect::store function (CVE-2010-3682).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a
LOAD DATA INFILE request generates SQL errors, which allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
via a crafted request (CVE-2010-3683).

The updated packages have been upgraded to the latest (last) stable
5.1 release (5.1.54) to address these issues for both Mandriva Linux
2010.0 and 2010.2."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mysql.com/support/eol-notice.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-max");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-management");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_pbxt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_pinba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_revision");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_sphinx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mysql-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mysql-static-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mysql16-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmysql-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmysql-static-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmysql16-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-bench-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-client-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-common-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-common-core-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-core-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-doc-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-max-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-extra-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-management-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-storage-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-tools-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mysql-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mysql-static-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mysql16-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmysql-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmysql-static-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmysql16-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-bench-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-client-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-common-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-common-core-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-core-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_pbxt-1.0.11-13.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_pinba-0.0.5-13.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_revision-0.1-13.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_sphinx-0.9.9-13.1mdv2010.2", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201201-02.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201201-02 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the MySQL process, cause a Denial of Service condition, bypass security restrictions, uninstall arbitrary MySQL plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 57446 |
published | 2012-01-06 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/57446 |
title | GLSA-201201-02 : MySQL: Multiple vulnerabilities |
code |

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201201-02.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(57446);
  script_version("1.9");
  script_cvs_date("Date: 2018/07/11 17:09:26");

  script_cve_id("CVE-2008-3963", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-4456", "CVE-2008-7247", "CVE-2009-2446", "CVE-2009-4019", "CVE-2009-4028", "CVE-2009-4484", "CVE-2010-1621", "CVE-2010-1626", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850", "CVE-2010-2008", "CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3834", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840");
  script_bugtraq_id(29106, 31081, 31486, 35609, 37076, 37297, 37640, 37943, 38043, 39543, 40100, 40106, 40109, 40257, 41198, 42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646, 43676);
  script_xref(name:"GLSA", value:"201201-02");

  script_name(english:"GLSA-201201-02 : MySQL: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201201-02
(MySQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MySQL. Please review
      the CVE identifiers referenced below for details.

Impact :

    An unauthenticated remote attacker may be able to execute arbitrary code
      with the privileges of the MySQL process, cause a Denial of Service
      condition, bypass security restrictions, uninstall arbitrary MySQL
      plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201201-02"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All MySQL users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.1.56'
    NOTE: This is a legacy GLSA. Updates for all affected architectures are
      available since May 14, 2011. It is likely that your system is already no
      longer affected by this issue."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL CertDecoder::GetName Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
  script_cwe_id(20, 59, 79, 119, 134, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"dev-db/mysql", unaffected:make_list("ge 5.1.56"), vulnerable:make_list("lt 5.1.56"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MySQL");
}

NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_76B597E4E9C611DF9E10001B2134EF46.NASL
description Adobe Product Security Incident Response Team reports : Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.
last seen 2020-06-01
modified 2020-06-02
plugin id 50505
published 2010-11-08
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/50505
title FreeBSD : linux-flashplugin -- multiple vulnerabilities (76b597e4-e9c6-11df-9e10-001b2134ef46)

NASL family Fedora Local Security Checks
NASL id FEDORA_2010-15166.NASL
description Update to mysql 5.1.50, for numerous bug fixes including some low-grade security issues. See upstream release notes at :
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 49727
published 2010-10-06
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/49727
title Fedora 13 : mysql-5.1.50-2.fc13 (2010-15166)

NASL family SuSE Local Security Checks
NASL id SUSE_11_2_LIBMYSQLCLIENT-DEVEL-101006.NASL
description
- local users could delete data files for tables of other users (CVE-2010-1626).
- authenticated users could gather information for tables they should not have access to (CVE-2010-1849)
- authenticated users could crash mysqld (CVE-2010-1848)
- authenticated users could potentially execute arbitrary code as the user running mysqld (CVE-2010-1850)
- authenticated users could crash mysqld (CVE-2010-3676, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-2008)
- a race condition in /etc/init.d/mysql allowed local users to make any file readable via symlink in /var/tmp (CVE-2010-3675)
last seen 2020-06-01
modified 2020-06-02
plugin id 50016
published 2010-10-18
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/50016
title openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1)

References
- http://bugs.mysql.com/bug.php?id=55039
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
- http://www.openwall.com/lists/oss-security/2010/09/28/10
- http://www.securityfocus.com/bid/42643
- http://www.vupen.com/english/advisories/2011/0133
- https://bugzilla.redhat.com/show_bug.cgi?id=628660
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64689