
Test ID: 1.3.6.1.4.1.25623.1.0.67541
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2057-1 (mysql-dfsg-5.0)
Summary: NOSUMMARY
Description:
The remote host is missing an update to mysql-dfsg-5.0
announced via advisory DSA 2057-1.

Several vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
following problems:


CVE-2010-1626

MySQL allows local users to delete the data and index files of another
user's MyISAM table via a symlink attack in conjunction with the DROP
TABLE command.


CVE-2010-1848

MySQL failed to check the table name argument of a COM_FIELD_LIST
command packet for validity and compliance to acceptable table name
standards. This allows an authenticated user with SELECT privileges on
one table to obtain the field definitions of any table in all other
databases and potentially of other MySQL instances accessible from the
server's file system.


CVE-2010-1849

MySQL could be tricked into reading packets indefinitely if it received a
packet larger than the maximum size of one packet.
This results in high CPU usage and thus denial of service conditions.


CVE-2010-1850

MySQL was susceptible to a buffer-overflow attack due to a
failure to perform bounds checking on the table name argument of a
COM_FIELD_LIST command packet. By sending long data for the table
name, a buffer is overflowed, which could be exploited by an
authenticated user to inject malicious code.


For the stable distribution (lenny), these problems have been fixed in
version 5.0.51a-24+lenny4.

The testing (squeeze) and unstable (sid) distributions do not contain
mysql-dfsg-5.0 anymore.

We recommend that you upgrade your mysql-dfsg-5.0 package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202057-1

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-1626
BugTraq ID: 40257
http://www.securityfocus.com/bid/40257
http://www.mandriva.com/security/advisories?name=MDVSA-2010:101
http://www.openwall.com/lists/oss-security/2010/05/10/2
http://www.openwall.com/lists/oss-security/2010/05/18/4
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490
http://www.redhat.com/support/errata/RHSA-2010-0442.html
http://securitytracker.com/id?1024004
SuSE Security Announcement: SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SuSE Security Announcement: SUSE-SR:2010:021
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2010/1194
Common Vulnerability Exposure (CVE) ID: CVE-2010-1848
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:107
http://lists.mysql.com/commits/107532
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7210
http://www.redhat.com/support/errata/RHSA-2010-0824.html
http://securitytracker.com/id?1024031
Common Vulnerability Exposure (CVE) ID: CVE-2010-1849
http://lists.mysql.com/commits/106060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7328
http://securitytracker.com/id?1024032
Common Vulnerability Exposure (CVE) ID: CVE-2010-1850
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6693
http://securitytracker.com/id?1024033
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.