CVE-2010-3676 - Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.49 'DDL' Statements

CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
network
low complexity
mysql
oracle
nessus
exploit available

Summary

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

Exploit-Db

description: Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability. CVE-2010-3676. DoS exploit for Linux platform
id: EDB-ID:34522
last seen: 2016-02-03
modified: 2010-07-09
published: 2010-07-09
reporter: Elena Stepanova
source: https://www.exploit-db.com/download/34522/
title: Oracle MySQL < 5.1.49 - 'DDL' Statements Denial Of Service Vulnerability

Nessus

  • NASL family: Databases
    NASL id: MYSQL_5_1_49.NASL
    description: The version of MySQL Community Server installed on the remote host is earlier than 5.1.49 and thus potentially affected by multiple vulnerabilities: - DDL statements could cause the server to crash. (55039) - Joins involving a table with a unique SET column could cause the server to crash. (54575) - Incorrect handling of NULL arguments for IN or CASE operations involving the WITH ROLLUP modifier could cause the server to crash. (54477) - A malformed argument to the BINLOG statement could cause the server to crash. (54393) - Using TEMPORARY InnoDB tables with nullable columns could cause the server to crash. (54044) - Alternate reads with two indexes on a table using the HANDLER interface could cause the server to crash. (54007) - Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause the server to crash. (52711) - LOAD DATA INFILE did not check for SQL errors sent and even if errors were already reported, it sent an OK packet. Also, an assert was sometimes raised when it should not have been relating to client-server protocol checking in debug servers. (52512)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 48759
    published: 2010-08-26
    reporter: This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/48759
    title: MySQL Community Server < 5.1.49 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(48759);
      script_version("1.12");
      script_cvs_date("Date: 2018/11/15 20:50:21");
    
      script_cve_id(
        "CVE-2010-3676",
        "CVE-2010-3677",
        "CVE-2010-3678",
        "CVE-2010-3679",
        "CVE-2010-3680",
        "CVE-2010-3681",
        "CVE-2010-3682",
        "CVE-2010-3683"
      );
      script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646);
      script_xref(name:"Secunia", value:"41048");
    
      script_name(english:"MySQL Community Server < 5.1.49 Multiple Vulnerabilities");
      script_summary(english:"Checks version of MySQL 5.1 Server");
    
      script_set_attribute(attribute:"synopsis", value:"The remote database server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL Community Server installed on the remote host is
    earlier than 5.1.49 and thus potentially affected by multiple
    vulnerabilities:
    
      - DDL statements could cause the server to crash. (55039)
    
      - Joins involving a table with a unique SET column could
        cause the server to crash. (54575)
    
      - Incorrect handling of NULL arguments for IN or CASE
        operations involving the WITH ROLLUP modifier could
        cause the server to crash. (54477)
    
      - A malformed argument to the BINLOG statement could
        cause the server to crash. (54393)
    
      - Using TEMPORARY InnoDB tables with nullable columns
        could cause the server to crash. (54044)
    
      - Alternate reads with two indexes on a table using the
        HANDLER interface could cause the server to crash.
        (54007)
    
      - Using EXPLAIN with queries of the form SELECT ... UNION
        ... ORDER BY (SELECT ... WHERE ...) could cause the
        server to crash. (52711)
    
      - LOAD DATA INFILE did not check for SQL errors sent and
        even if errors were already reported, it sent an OK
        packet. Also, an assert was sometimes raised when it
        should not have been relating to client-server protocol
        checking in debug servers. (52512)");
      script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=55039");
      script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=55475");
      script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54477");
      script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54393");
      script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54044");
      script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54007");
      script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=52711");
      script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=52512");
      script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to MySQL Community Server 5.1.49 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/26");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("mysql_func.inc");
    
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    
    port = get_service(svc:"mysql", default:3306, exit_on_fail:TRUE);
    vuln = FALSE;
    
    if (mysql_init(port:port, exit_on_fail:TRUE) == 1)
    {
      variant = mysql_get_variant();
      version = mysql_get_version();
      ver_fields = split(version, sep:'.', keep:FALSE);
      major = int(ver_fields[0]);
      minor = int(ver_fields[1]);
      rev = int(ver_fields[2]);
    
      if (
        !isnull(variant) && "Community" >< variant &&
        strlen(version) &&
        major == 5 && minor == 1 && rev < 49
      ) vuln = TRUE;
    
    }
    else exit(1, "Can't establish a MySQL connection on port "+port+".");
    mysql_close();
    
    if (vuln)
    {
      if (report_verbosity > 0)
      {
        report = '\n  Installed version : ' + version +
                 '\n  Fixed version     : 5.1.49\n';
        datadir = get_kb_item('mysql/' + port + '/datadir');
        if (!empty_or_null(datadir))
        {
          report += '  Data Dir          : ' + datadir + '\n';
        }
        databases = get_kb_item('mysql/' + port + '/databases');
        if (!empty_or_null(databases))
        { 
          report += '  Databases         :\n' + databases;
        }
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else
    {
      if (isnull(variant)) exit(1, "Can't determine the variant of MySQL listening on port "+port+".");
      else if ("Community" >< variant) exit(0, "MySQL version "+version+" is listening on port "+port+" and is not affected.");
      else exit(0, "MySQL "+variant+" is listening on port "+port+" and is not affected.");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-15147.NASL
    description: Update to mysql 5.1.50, for numerous bug fixes including some low-grade security issues. See upstream release notes at : - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49726
    published: 2010-10-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49726
    title: Fedora 14 : mysql-5.1.50-2.fc14 (2010-15147)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-15147.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49726);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:31");
    
      script_cve_id("CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683");
      script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646, 43677);
      script_xref(name:"FEDORA", value:"2010-15147");
    
      script_name(english:"Fedora 14 : mysql-5.1.50-2.fc14 (2010-15147)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to mysql 5.1.50, for numerous bug fixes including some
    low-grade security issues.
    
    See upstream release notes at :
    
      - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
    
        -
          http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.htm
          l
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
      );
      # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=628040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=628062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=628172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=628192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=628328"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=628660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=628680"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=628698"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/048881.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?52e2458d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected mysql package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC14", reference:"mysql-5.1.50-2.fc14")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2011-012.NASL
    descriptionMultiple vulnerabilities has been found and corrected in mysql : storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement (CVE-2010-3676). MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column (CVE-2010-3677). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier (CVE-2010-3678). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind (CVE-2010-3679). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables while using InnoDB, which triggers an assertion failure (CVE-2010-3680). MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing alternate reads from two indexes on a table, which triggers an assertion failure (CVE-2010-3681). MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51804
    published: 2011-01-28
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/51804
    title: Mandriva Linux Security Advisory : mysql (MDVSA-2011:012)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2011:012. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51804);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:53");
    
      script_cve_id("CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683");
      script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646);
      script_xref(name:"MDVSA", value:"2011:012");
    
      script_name(english:"Mandriva Linux Security Advisory : mysql (MDVSA-2011:012)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in mysql :
    
    storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49
    allows remote authenticated users to cause a denial of service
    (assertion failure) by modifying the (1) innodb_file_format or (2)
    innodb_file_per_table configuration parameters for the InnoDB storage
    engine, then executing a DDL statement (CVE-2010-3676).
    
    MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
    authenticated users to cause a denial of service (mysqld daemon crash)
    via a join query that uses a table with a unique SET column
    (CVE-2010-3677).
    
    MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
    denial of service (crash) via (1) IN or (2) CASE operations with NULL
    arguments that are explicitly specified or indirectly provided by the
    WITH ROLLUP modifier (CVE-2010-3678).
    
    MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
    denial of service (mysqld daemon crash) via certain arguments to the
    BINLOG command, which triggers an access of uninitialized memory, as
    demonstrated by valgrind (CVE-2010-3679).
    
    MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
    denial of service (mysqld daemon crash) by creating temporary tables
    while using InnoDB, which triggers an assertion failure
    (CVE-2010-3680).
    
    MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote
    authenticated users to cause a denial of service (mysqld daemon crash)
    by using the HANDLER interface and performing alternate reads from two
    indexes on a table, which triggers an assertion failure
    (CVE-2010-3681).
    
    MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
    authenticated users to cause a denial of service (mysqld daemon crash)
    by using EXPLAIN with crafted 'SELECT ... UNION ... ORDER BY \(SELECT
    ... WHERE ...\)' statements, which triggers a NULL pointer dereference
    in the Item_singlerow_subselect::store function (CVE-2010-3682).
    
    MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a
    LOAD DATA INFILE request generates SQL errors, which allows remote
    authenticated users to cause a denial of service (mysqld daemon crash)
    via a crafted request (CVE-2010-3683).
    
    The updated packages have been upgraded to the latest (last) stable
    5.1 release (5.1.54) to address these issues for both Mandriva Linux
    2010.0 and 2010.2."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mysql.com/support/eol-notice.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-max");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-management");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-storage");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_pbxt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_pinba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_revision");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_sphinx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mysql-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mysql-static-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mysql16-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmysql-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmysql-static-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmysql16-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-bench-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-client-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-common-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-common-core-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-core-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-doc-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-max-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-extra-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-management-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-storage-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-tools-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mysql-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mysql-static-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mysql16-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmysql-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmysql-static-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmysql16-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-bench-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-client-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-common-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-common-core-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-core-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_pbxt-1.0.11-13.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_pinba-0.0.5-13.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_revision-0.1-13.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_sphinx-0.9.9-13.1mdv2010.2", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201201-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201201-02 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the MySQL process, cause a Denial of Service condition, bypass security restrictions, uninstall arbitrary MySQL plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57446
    published: 2012-01-06
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57446
    title: GLSA-201201-02 : MySQL: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201201-02.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57446);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2008-3963", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-4456", "CVE-2008-7247", "CVE-2009-2446", "CVE-2009-4019", "CVE-2009-4028", "CVE-2009-4484", "CVE-2010-1621", "CVE-2010-1626", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850", "CVE-2010-2008", "CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3834", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840");
      script_bugtraq_id(29106, 31081, 31486, 35609, 37076, 37297, 37640, 37943, 38043, 39543, 40100, 40106, 40109, 40257, 41198, 42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646, 43676);
      script_xref(name:"GLSA", value:"201201-02");
    
      script_name(english:"GLSA-201201-02 : MySQL: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201201-02
    (MySQL: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in MySQL. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        An unauthenticated remote attacker may be able to execute arbitrary code
          with the privileges of the MySQL process, cause a Denial of Service
          condition, bypass security restrictions, uninstall arbitrary MySQL
          plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201201-02"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All MySQL users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.1.56'
        NOTE: This is a legacy GLSA. Updates for all affected architectures are
          available since May 14, 2011. It is likely that your system is already no
          longer affected by this issue."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL CertDecoder::GetName Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
      script_cwe_id(20, 59, 79, 119, 134, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-db/mysql", unaffected:make_list("ge 5.1.56"), vulnerable:make_list("lt 5.1.56"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MySQL");
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_76B597E4E9C611DF9E10001B2134EF46.NASL
    description: Adobe Product Security Incident Response Team reports : Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 50505
    published: 2010-11-08
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/50505
    title: FreeBSD : linux-flashplugin -- multiple vulnerabilities (76b597e4-e9c6-11df-9e10-001b2134ef46)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-15166.NASL
    description: Update to mysql 5.1.50, for numerous bug fixes including some low-grade security issues. See upstream release notes at : - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49727
    published: 2010-10-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49727
    title: Fedora 13 : mysql-5.1.50-2.fc13 (2010-15166)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_2_LIBMYSQLCLIENT-DEVEL-101006.NASL
    description:
      - local users could delete data files for tables of other users (CVE-2010-1626).
      - authenticated users could gather information for tables they should not have access to (CVE-2010-1849)
      - authenticated users could crash mysqld (CVE-2010-1848)
      - authenticated users could potentially execute arbitrary code as the user running mysqld (CVE-2010-1850)
      - authenticated users could crash mysqld (CVE-2010-3676, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-2008)
      - a race condition in /etc/init.d/mysql allowed local users to make any file readable via symlink in /var/tmp (CVE-2010-3675)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 50016
    published: 2010-10-18
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/50016
    title: openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1)