Mandriva Update For Mysql MDVSA-2008:017 (mysql) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

MySQL 5.0.x did not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement (CVE-2007-6303). The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS query, did not properly handle a response with a small number of columns, which could allow a remote MySQL server to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns (CVE-2007-6304). The updated packages have been patched to correct these issues.

Affected

mysql on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-6303, CVE-2007-6304

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:117 (ntp)
Mandrake Security Advisory MDVSA-2009:025 (pidgin)
Mandrake Security Advisory MDVSA-2009:082 (krb5)
Mandrake Security Advisory MDVSA-2009:188 (php4-eaccelerator)
Mandrake Security Advisory MDVSA-2009:038 (blender)

Mandriva Update for mysql MDVSA-2008:017 (mysql)

Take action and discover your vulnerabilities