Test Kennung:	1.3.6.1.4.1.25623.1.0.51935
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2005:334
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2005:334. MySQL is a multi-user, multi-threaded SQL database server. This update fixes several security risks in the MySQL server. Stefano Di Paola discovered two bugs in the way MySQL handles user-defined functions. A user with the ability to create and execute a user defined function could potentially execute arbitrary code on the MySQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-0709 and CVE-2005-0710 to these issues. Stefano Di Paola also discovered a bug in the way MySQL creates temporary tables. A local user could create a specially crafted symlink which could result in the MySQL server overwriting a file which it has write access to. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0711 to this issue. All users of the MySQL server are advised to upgrade to these updated packages, which contain fixes for these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-334.html Risk factor : Medium CVSS Score: 4.6
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0709 101864 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 12781 http://www.securityfocus.com/bid/12781 2005-0009 http://www.trustix.org/errata/2005/0009/ 20050310 Mysql CREATE FUNCTION libc arbitrary code execution. http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html http://marc.info/?l=bugtraq&m=111066115808506&w=2 APPLE-SA-2005-08-15 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html APPLE-SA-2005-08-17 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html DSA-707 http://www.debian.org/security/2005/dsa-707 GLSA-200503-19 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml MDKSA-2005:060 http://www.mandriva.com/security/advisories?name=MDKSA-2005:060 RHSA-2005:334 http://www.redhat.com/support/errata/RHSA-2005-334.html RHSA-2005:348 http://www.redhat.com/support/errata/RHSA-2005-348.html SUSE-SA:2005:019 http://www.novell.com/linux/security/advisories/2005_19_mysql.html USN-96-1 https://usn.ubuntu.com/96-1/ oval:org.mitre.oval:def:10479 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479 Common Vulnerability Exposure (CVE) ID: CVE-2005-0710 20050310 Mysql CREATE FUNCTION mysql.func table arbitrary library injection http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html http://marc.info/?l=bugtraq&m=111065974004648&w=2 mysql-udfinit-gain-access(19658) https://exchange.xforce.ibmcloud.com/vulnerabilities/19658 oval:org.mitre.oval:def:10180 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10180 Common Vulnerability Exposure (CVE) ID: CVE-2005-0711 20050310 Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html oval:org.mitre.oval:def:9591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.