Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.50748 |
Category: | Mandrake Local Security Checks |
Title: | Mandrake Security Advisory MDKSA-2003:094 (MySQL) |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing an update to MySQL announced via advisory MDKSA-2003:094. A buffer overflow was discovered in MySQL that could be executed by any user with ALTER TABLE privileges on the mysql database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The mysql database is used by MySQL for internal record keeping and by default only the root user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem. Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0780 http://lists.netsys.com/pipermail/full-disclosure/2003-September/009819.html Risk factor : Critical CVSS Score: 9.0 |
Cross-Ref: |
BugTraq ID: 8590 Common Vulnerability Exposure (CVE) ID: CVE-2003-0780 Bugtraq: 20030910 Buffer overflow in MySQL (Google Search) http://www.securityfocus.com/archive/1/337012 Bugtraq: 20030913 exploit for mysql -- [get_salt_from_password] problem (Google Search) http://marc.info/?l=bugtraq&m=106364207129993&w=2 CERT/CC vulnerability note: VU#516492 http://www.kb.cert.org/vuls/id/516492 Conectiva Linux advisory: CLA-2003:743 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 Debian Security Information: DSA-381 (Google Search) http://www.debian.org/security/2003/dsa-381 En Garde Linux Advisory: ESA-20030918-025 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009819.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:094 http://www.redhat.com/support/errata/RHSA-2003-281.html http://www.redhat.com/support/errata/RHSA-2003-282.html http://secunia.com/advisories/9709 http://marc.info/?l=bugtraq&m=106381424420775&w=2 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |