Test ID: 1.3.6.1.4.1.25623.1.0.53595
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 303-1 (mysql)
Summary: NOSUMMARY
Description:
The remote host is missing an update to mysql
announced via advisory DSA 303-1.

CVE-2003-0073: The mysql package contains a bug whereby dynamically
allocated memory is freed more than once, which could be deliberately
triggered by an attacker to cause a crash, resulting in a denial of
service condition. In order to exploit this vulnerability, a valid
username and password combination for access to the MySQL server is
required.

CVE-2003-0150: The mysql package contains a bug whereby a malicious
user, granted certain permissions within mysql, could create a
configuration file which would cause the mysql server to run as root,
or any other user, rather than the mysql user.

For the stable distribution (woody) both problems have been fixed in
version 3.23.49-8.4.

The old stable distribution (potato) is only affected by
CVE-2003-0150, and this has been fixed in version 3.22.32-6.4.

For the unstable distribution (sid), CVE-2003-0073 was fixed in
version 4.0.12-2, and CVE-2003-0150 will be fixed soon.

We recommend that you update your mysql package.



Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20303-1

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2003-0073
BugTraq ID: 6718
http://www.securityfocus.com/bid/6718
Bugtraq: 20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)
http://marc.info/?l=bugtraq&m=104385719107879&w=2
Conectiva Linux advisory: CLA-2003:743
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
Debian Security Information: DSA-303
http://www.debian.org/security/2003/dsa-303
En Garde Linux Advisory: ESA-20030220-004
http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A436
http://www.redhat.com/support/errata/RHSA-2003-093.html
RedHat Security Advisories: RHSA-2003:094
http://www.redhat.com/support/errata/RHSA-2003-166.html
http://www.iss.net/security_center/static/11199.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0150
BugTraq ID: 7052
http://www.securityfocus.com/bid/7052
Bugtraq: 20030308 MySQL_user_can_be_changed_to_root?
http://marc.info/?l=bugtraq&m=104715840202315&w=2
Bugtraq: 20030310 Re: MySQL user can be changed to root
http://marc.info/?l=bugtraq&m=104739810523433&w=2
Bugtraq: 20030318 GLSA: mysql (200303-14)
http://marc.info/?l=bugtraq&m=104802285012750&w=2
Bugtraq: 20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)
http://marc.info/?l=bugtraq&m=104800948128630&w=2
CERT/CC vulnerability note: VU#203897
http://www.kb.cert.org/vuls/id/203897
En Garde Linux Advisory: ESA-20030324-012
http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442
http://rhn.redhat.com/errata/RHSA-2003-094.html
XForce ISS Database: mysql-datadir-root-privileges(11510)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11510
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
