Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.100156
Categoría:Databases
Título:MySQL MyISAM Table Privileges Security Bypass Vulnerability
Resumen:According to its version number, the remote version of MySQL is; prone to a security-bypass vulnerability.
Descripción:Summary:
According to its version number, the remote version of MySQL is
prone to a security-bypass vulnerability.

Vulnerability Insight:
NOTE 1: This issue was also assigned CVE-2008-4097 because
CVE-2008-2079 was incompletely fixed, allowing symlink attacks.

NOTE 2: CVE-2008-4098 was assigned because fixes for the vector
described in CVE-2008-4097 can also be bypassed.

Vulnerability Impact:
An attacker can exploit this issue to gain access to table files created by
other users, bypassing certain security restrictions.

Affected Software/OS:
This issue affects versions prior to MySQL 4 (prior to 4.1.24) and
MySQL 5 (prior to 5.0.60).

Solution:
Updates are available, please see the references for more information.

CVSS Score:
4.6

CVSS Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 29106
Common Vulnerability Exposure (CVE) ID: CVE-2008-2079
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://www.securityfocus.com/bid/29106
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Debian Security Information: DSA-1608 (Google Search)
http://www.debian.org/security/2008/dsa-1608
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://www.redhat.com/support/errata/RHSA-2008-0510.html
http://www.redhat.com/support/errata/RHSA-2008-0768.html
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.securitytracker.com/id?1019995
http://secunia.com/advisories/30134
http://secunia.com/advisories/31066
http://secunia.com/advisories/31226
http://secunia.com/advisories/31687
http://secunia.com/advisories/32222
http://secunia.com/advisories/32769
http://secunia.com/advisories/36566
http://secunia.com/advisories/36701
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/USN-671-1
http://www.vupen.com/english/advisories/2008/1472/references
http://www.vupen.com/english/advisories/2008/2780
XForce ISS Database: mysql-myisam-security-bypass(42267)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267
Common Vulnerability Exposure (CVE) ID: CVE-2008-4097
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://secunia.com/advisories/32759
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
XForce ISS Database: mysql-myisam-symlinks-security-bypass(45648)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45648
Common Vulnerability Exposure (CVE) ID: CVE-2008-4098
Debian Security Information: DSA-1662 (Google Search)
http://www.debian.org/security/2008/dsa-1662
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://secunia.com/advisories/32578
http://secunia.com/advisories/38517
http://www.ubuntu.com/usn/USN-1397-1
http://ubuntu.com/usn/usn-897-1
XForce ISS Database: mysql-myisam-symlink-security-bypass(45649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.