MDVSA-2010:107 -- Mandriva mysqlID: oval:org.secpod.oval:def:300106 | Date: (C)2012-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in mysql: The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table-level grants by providing a specially crafted table name argument to COM_FIELD_LIST . The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet CVE-2010-1849(CVE-2010-1850
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.0 |