Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.14343
Categoría:Databases
Título:MySQL mysqlhotcopy script insecure temporary file
Resumen:You are running a version of MySQL which is older than version 4.0.21.;;mysqlhotcopy is reported to contain an insecure temporary file creation;vulnerability.;;The result of this is that temporary files created by the application may;use predictable filenames.;;A local attacker may also possibly exploit this vulnerability to execute;symbolic link file overwrite attacks.;;*** Note : this vulnerability is local only
Descripción:Summary:
You are running a version of MySQL which is older than version 4.0.21.

mysqlhotcopy is reported to contain an insecure temporary file creation
vulnerability.

The result of this is that temporary files created by the application may
use predictable filenames.

A local attacker may also possibly exploit this vulnerability to execute
symbolic link file overwrite attacks.

*** Note : this vulnerability is local only

Solution:
Upgrade to the latest version of MySQL 4.0.21 or newer

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 10969
Common Vulnerability Exposure (CVE) ID: CVE-2004-0457
Computer Incident Advisory Center Bulletin: P-018
http://www.ciac.org/ciac/bulletins/p-018.shtml
Debian Security Information: DSA-540 (Google Search)
http://www.debian.org/security/2004/dsa-540
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10693
http://www.redhat.com/support/errata/RHSA-2004-597.html
XForce ISS Database: mysql-mysqlhotcopy-insecure-file(17030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17030
CopyrightThis script is Copyright (C) 2004 David Maciejak

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.