Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.801355
Categoría:Databases
Título:MySQL Multiple Vulnerabilities
Resumen:The host is running MySQL and is prone to multiple vulnerabilities.
Descripción:Summary:
The host is running MySQL and is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- An error in 'my_net_skip_rest()' function in 'sql/net_serv.cc' when handling
a large number of packets that exceed the maximum length, which allows remote
attackers to cause a denial of service (CPU and bandwidth consumption).

- buffer overflow when handling 'COM_FIELD_LIST' command with a long
table name, allows remote authenticated users to execute arbitrary code.

- directory traversal vulnerability when handling a '..' (dot dot) in a
table name, which allows remote authenticated users to bypass intended
table grants to read field definitions of arbitrary tables.

Vulnerability Impact:
Successful exploitation could allow users to cause a denial of service and
to execute arbitrary code.

Affected Software/OS:
MySQL 5.0.x before 5.0.91 and 5.1.x before 5.1.47 on all running platform.

Solution:
Upgrade to MySQL version 5.0.91 or 5.1.47.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1848
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:107
http://lists.mysql.com/commits/107532
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7210
http://www.redhat.com/support/errata/RHSA-2010-0442.html
http://www.redhat.com/support/errata/RHSA-2010-0824.html
http://securitytracker.com/id?1024031
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SuSE Security Announcement: SUSE-SR:2010:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
http://www.ubuntu.com/usn/USN-1397-1
Common Vulnerability Exposure (CVE) ID: CVE-2010-1849
http://lists.mysql.com/commits/106060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7328
http://securitytracker.com/id?1024032
Common Vulnerability Exposure (CVE) ID: CVE-2010-1850
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6693
http://securitytracker.com/id?1024033
CopyrightCopyright (c) 2010 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.