exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.139

Mandriva Linux Security Advisory 2007.139
Posted Jul 7, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. This issue does not affect MySQL 5.0.37 in Mandriva Linux 2007.1. The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-1420, CVE-2007-2583, CVE-2007-2691
SHA-256 | 4cd2dfda3abd3da192347bfa5dc015404e12766bbaff61198e938995406ef8ed

Mandriva Linux Security Advisory 2007.139

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:139
http://www.mandriva.com/security/
_______________________________________________________________________

Package : MySQL
Date : July 4, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________

Problem Description:

MySQL 5.x before 5.0.36 allows local users to cause a denial of service
(database crash) by performing information_schema table subselects
and using ORDER BY to sort a single-row result, which prevents
certain structure elements from being initialized and triggers a
NULL dereference in the filesort function. This issue does not affect
MySQL 5.0.37 in Mandriva Linux 2007.1. (CVE-2007-1420)

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40,
and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause
a denial of service (crash) via a crafted IF clause that results in
a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18
does not require the DROP privilege for RENAME TABLE statements,
which allows remote authenticated users to rename arbitrary
tables. (CVE-2007-2691)

Updated packages have been patched to prevent the above issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
21bf6c3cf8908d8ec01317dbbaeda4d4 2007.0/i586/MySQL-5.0.24a-2.1mdv2007.0.i586.rpm
af81d1d15cceb0906b17ed905c8027c6 2007.0/i586/MySQL-Max-5.0.24a-2.1mdv2007.0.i586.rpm
a90669dfc21494a4453bc31620513b82 2007.0/i586/MySQL-bench-5.0.24a-2.1mdv2007.0.i586.rpm
bd4a71a850f5df9c7583d7eff0fa2a88 2007.0/i586/MySQL-client-5.0.24a-2.1mdv2007.0.i586.rpm
6cbd4325f98ba34c3c0c07da93edf9f7 2007.0/i586/MySQL-common-5.0.24a-2.1mdv2007.0.i586.rpm
a7eef0dd7b38e3a704b49d57d9cae953 2007.0/i586/MySQL-ndb-extra-5.0.24a-2.1mdv2007.0.i586.rpm
1165add80c08fdbe13c9d0906340a998 2007.0/i586/MySQL-ndb-management-5.0.24a-2.1mdv2007.0.i586.rpm
1dab5164b03c4689a9289e5b8e4c1b83 2007.0/i586/MySQL-ndb-storage-5.0.24a-2.1mdv2007.0.i586.rpm
cfc946c33e31cad4eb3d2cee60101af8 2007.0/i586/MySQL-ndb-tools-5.0.24a-2.1mdv2007.0.i586.rpm
25fa8c6756256c4dd67ece5a36651394 2007.0/i586/libmysql15-5.0.24a-2.1mdv2007.0.i586.rpm
a36d220223051510d41b4f9a4505cc21 2007.0/i586/libmysql15-devel-5.0.24a-2.1mdv2007.0.i586.rpm
6257cf37dd793e4e28079e24d85371cf 2007.0/i586/libmysql15-static-devel-5.0.24a-2.1mdv2007.0.i586.rpm
61fd5383c89b7599741d3627c6a568f2 2007.0/SRPMS/MySQL-5.0.24a-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
3cc829514ba910e9d3118874a3390e51 2007.0/x86_64/MySQL-5.0.24a-2.1mdv2007.0.x86_64.rpm
6f84bac1c088b0ef773dcdc051de08e5 2007.0/x86_64/MySQL-Max-5.0.24a-2.1mdv2007.0.x86_64.rpm
84e4c7c9cbd439444bfb3353994e8d23 2007.0/x86_64/MySQL-bench-5.0.24a-2.1mdv2007.0.x86_64.rpm
96ac718984a765f95002a0ee934e93cd 2007.0/x86_64/MySQL-client-5.0.24a-2.1mdv2007.0.x86_64.rpm
1bed2bc4d5c4f5700b13495d8bb6f3c4 2007.0/x86_64/MySQL-common-5.0.24a-2.1mdv2007.0.x86_64.rpm
55ea8d680cfdeaf48eeacf3aa789ab19 2007.0/x86_64/MySQL-ndb-extra-5.0.24a-2.1mdv2007.0.x86_64.rpm
4047515dedd71ffe9c6fd4268e25f115 2007.0/x86_64/MySQL-ndb-management-5.0.24a-2.1mdv2007.0.x86_64.rpm
05c75e22bf10cff94581eaa3096c2e47 2007.0/x86_64/MySQL-ndb-storage-5.0.24a-2.1mdv2007.0.x86_64.rpm
c105dd5a6a0c96ad00795183ed9f6ae8 2007.0/x86_64/MySQL-ndb-tools-5.0.24a-2.1mdv2007.0.x86_64.rpm
41c0722f531c0af55c3b2d621c29f009 2007.0/x86_64/lib64mysql15-5.0.24a-2.1mdv2007.0.x86_64.rpm
58801989259c4983f0201bab1bdb4d0e 2007.0/x86_64/lib64mysql15-devel-5.0.24a-2.1mdv2007.0.x86_64.rpm
dc9cbf9b7edc50053dbad01c988667c1 2007.0/x86_64/lib64mysql15-static-devel-5.0.24a-2.1mdv2007.0.x86_64.rpm
61fd5383c89b7599741d3627c6a568f2 2007.0/SRPMS/MySQL-5.0.24a-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
96494772204a2bbf2be3832500782456 2007.1/i586/MySQL-5.0.37-2.1mdv2007.1.i586.rpm
4c0fdbce214a1b313d5157a1b455c2f4 2007.1/i586/MySQL-Max-5.0.37-2.1mdv2007.1.i586.rpm
8b068d834518bdb3dc1f5f92bb496b8b 2007.1/i586/MySQL-bench-5.0.37-2.1mdv2007.1.i586.rpm
654367537e3d73b9913e7f49e9e368cc 2007.1/i586/MySQL-client-5.0.37-2.1mdv2007.1.i586.rpm
eb29ca9f2ba5bcddd89dfba36b33b608 2007.1/i586/MySQL-common-5.0.37-2.1mdv2007.1.i586.rpm
c5d4e06f21fbc62ef670b708125ff156 2007.1/i586/MySQL-ndb-extra-5.0.37-2.1mdv2007.1.i586.rpm
0f38ad5a905ee7b11a793fd8f96ebf72 2007.1/i586/MySQL-ndb-management-5.0.37-2.1mdv2007.1.i586.rpm
4e4c72d48124ddffe141caffa291eb7e 2007.1/i586/MySQL-ndb-storage-5.0.37-2.1mdv2007.1.i586.rpm
598327f4a6954b7d66ae670150423d10 2007.1/i586/MySQL-ndb-tools-5.0.37-2.1mdv2007.1.i586.rpm
0b3bb96443df3752707f4f350aa82795 2007.1/i586/libmysql15-5.0.37-2.1mdv2007.1.i586.rpm
4a04bedbd2ee2645c884e2b43bfb8148 2007.1/i586/libmysql15-devel-5.0.37-2.1mdv2007.1.i586.rpm
93e902375f1fe1e6748c6770aa727cfb 2007.1/i586/libmysql15-static-devel-5.0.37-2.1mdv2007.1.i586.rpm
20002982712cf20e3b568952153bf934 2007.1/SRPMS/MySQL-5.0.37-2.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
ce3cf3bd485bc610d6206b8e9c485bec 2007.1/x86_64/MySQL-5.0.37-2.1mdv2007.1.x86_64.rpm
cd61f695c1b2bb7936f6e7c6f9852a03 2007.1/x86_64/MySQL-Max-5.0.37-2.1mdv2007.1.x86_64.rpm
130ab74a2ecb353740fa3ce72de0d2e1 2007.1/x86_64/MySQL-bench-5.0.37-2.1mdv2007.1.x86_64.rpm
d19473f9ef587d648ba9eb9432cabb96 2007.1/x86_64/MySQL-client-5.0.37-2.1mdv2007.1.x86_64.rpm
9a7242331c11e17774778e25cc070bfb 2007.1/x86_64/MySQL-common-5.0.37-2.1mdv2007.1.x86_64.rpm
af8a57d23ba18c6d26d6c8e86c78ecd5 2007.1/x86_64/MySQL-ndb-extra-5.0.37-2.1mdv2007.1.x86_64.rpm
a485fdba11c17a31736304ec4c350219 2007.1/x86_64/MySQL-ndb-management-5.0.37-2.1mdv2007.1.x86_64.rpm
71740a48d949c431ab93147ae9a1f016 2007.1/x86_64/MySQL-ndb-storage-5.0.37-2.1mdv2007.1.x86_64.rpm
c75e0882938222abed05802d776d705b 2007.1/x86_64/MySQL-ndb-tools-5.0.37-2.1mdv2007.1.x86_64.rpm
3cc3e00778849eb1441d7d1b8ffb9c77 2007.1/x86_64/lib64mysql15-5.0.37-2.1mdv2007.1.x86_64.rpm
34f0aab6fbf146fa753b6e74d018b9b4 2007.1/x86_64/lib64mysql15-devel-5.0.37-2.1mdv2007.1.x86_64.rpm
e578aa3c0533512d3172a8783951a78b 2007.1/x86_64/lib64mysql15-static-devel-5.0.37-2.1mdv2007.1.x86_64.rpm
20002982712cf20e3b568952153bf934 2007.1/SRPMS/MySQL-5.0.37-2.1mdv2007.1.src.rpm

Corporate 4.0:
6dd1e46117228da990577dcc61c62924 corporate/4.0/i586/MySQL-5.0.24-1.1.20060mlcs4.i586.rpm
056f42ca5a679334f5b10fee2ac7c3ff corporate/4.0/i586/MySQL-Max-5.0.24-1.1.20060mlcs4.i586.rpm
8ef459e29a6e0b6efc41ce10865b05c7 corporate/4.0/i586/MySQL-bench-5.0.24-1.1.20060mlcs4.i586.rpm
7d3b7b1714983c1d2eafdf8cc7bc4575 corporate/4.0/i586/MySQL-client-5.0.24-1.1.20060mlcs4.i586.rpm
0f011f86f0cd69f8298d68e711194396 corporate/4.0/i586/MySQL-common-5.0.24-1.1.20060mlcs4.i586.rpm
7863f10c35563f5ae5ab69d4c6991932 corporate/4.0/i586/MySQL-ndb-extra-5.0.24-1.1.20060mlcs4.i586.rpm
a09a90a1f7f30a7d4656f5315f3f91ea corporate/4.0/i586/MySQL-ndb-management-5.0.24-1.1.20060mlcs4.i586.rpm
4daff89ac6a7eefa3959a3a3f4bbfa52 corporate/4.0/i586/MySQL-ndb-storage-5.0.24-1.1.20060mlcs4.i586.rpm
b1eda7ba40300324970df9167782c33b corporate/4.0/i586/MySQL-ndb-tools-5.0.24-1.1.20060mlcs4.i586.rpm
56444ba86d330cd75ebb83f2aab6aaa8 corporate/4.0/i586/libmysql15-5.0.24-1.1.20060mlcs4.i586.rpm
8b567ebda8df1f0712ee98fdace57817 corporate/4.0/i586/libmysql15-devel-5.0.24-1.1.20060mlcs4.i586.rpm
423a28d42aec3612823398b88d6ab0ce corporate/4.0/i586/libmysql15-static-devel-5.0.24-1.1.20060mlcs4.i586.rpm
4151b2b3b22cd4b8c1dc031fb3430d78 corporate/4.0/SRPMS/MySQL-5.0.24-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b89177a384077e76ef9df8d021c74a66 corporate/4.0/x86_64/MySQL-5.0.24-1.1.20060mlcs4.x86_64.rpm
3c7b768ba6f05ea036d940cc58c6500a corporate/4.0/x86_64/MySQL-Max-5.0.24-1.1.20060mlcs4.x86_64.rpm
95da2d0ea66c4de6dadbd89324197a27 corporate/4.0/x86_64/MySQL-bench-5.0.24-1.1.20060mlcs4.x86_64.rpm
a5c454af184c33ce1e8d555ace6c8931 corporate/4.0/x86_64/MySQL-client-5.0.24-1.1.20060mlcs4.x86_64.rpm
34f0b93bc7b48c1f8fa04a74550036c3 corporate/4.0/x86_64/MySQL-common-5.0.24-1.1.20060mlcs4.x86_64.rpm
9882f3066be03c78f7dd7bbe1bf0c555 corporate/4.0/x86_64/MySQL-ndb-extra-5.0.24-1.1.20060mlcs4.x86_64.rpm
9c61cca4d73f8f0baf55987f538d6872 corporate/4.0/x86_64/MySQL-ndb-management-5.0.24-1.1.20060mlcs4.x86_64.rpm
2d155a51c2c9ecd4ad645dcfe314280c corporate/4.0/x86_64/MySQL-ndb-storage-5.0.24-1.1.20060mlcs4.x86_64.rpm
eda3a5e7040258ff6005323db42d4b7e corporate/4.0/x86_64/MySQL-ndb-tools-5.0.24-1.1.20060mlcs4.x86_64.rpm
cf8f3a2b20f73a918afcc2c3e73ac57a corporate/4.0/x86_64/lib64mysql15-5.0.24-1.1.20060mlcs4.x86_64.rpm
87246d9937ee81c09d53243c35aff3cc corporate/4.0/x86_64/lib64mysql15-devel-5.0.24-1.1.20060mlcs4.x86_64.rpm
325018d3076aebc0ca825c20b7065909 corporate/4.0/x86_64/lib64mysql15-static-devel-5.0.24-1.1.20060mlcs4.x86_64.rpm
4151b2b3b22cd4b8c1dc031fb3430d78 corporate/4.0/SRPMS/MySQL-5.0.24-1.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGi/ojmqjQ0CJFipgRAj4NAKCMFSHT8PkOglo8P86m1XiXTwUasQCfWnjl
9JQL+8BVj6JxMqm+UCYacFs=
=SIi1
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close