Mandriva Update For Mysql MDVSA-2010:093 (mysql) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered in mysql which would permit mysql users without any kind of privileges to use the UNINSTALL PLUGIN function. A problem was discovered in the mysqld init script which under certain circumstances could cause the service to exit too quickly, giving the [ OK ] status and before the mysql server was really started and bound to the mysql socket or IP address. This caused a problem for products like Pulse2. The corrected packages solves these problems.

Affected

mysql on Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64

Severity

Classification

CVE CVE-2010-1621

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:108 (zsh)
Mandrake Security Advisory MDVSA-2009:133 (irssi)
Mandrake Security Advisory MDVSA-2009:193 (ruby)
Mandrake Security Advisory MDVSA-2009:004 (pam_mount)
Mandrake Security Advisory MDVSA-2009:212 (python)

Mandriva Update for mysql MDVSA-2010:093 (mysql)

Take action and discover your vulnerabilities