Test Kennung:	1.3.6.1.4.1.25623.1.0.56850
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: mysql-server
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: mysql-server CVE-2006-1516 The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. CVE-2006-1517 sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. CVE-2006-1518 Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1516 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 17780 http://www.securityfocus.com/bid/17780 Bugtraq: 20060502 MySQL Anonymous Login Handshake - Information Leakage. (Google Search) http://www.securityfocus.com/archive/1/432733/100/0/threaded Bugtraq: 20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage (Google Search) http://www.securityfocus.com/archive/1/434164/100/0/threaded Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-1071 (Google Search) http://www.debian.org/security/2006/dsa-1071 Debian Security Information: DSA-1073 (Google Search) http://www.debian.org/security/2006/dsa-1073 Debian Security Information: DSA-1079 (Google Search) http://www.debian.org/security/2006/dsa-1079 http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:084 http://www.wisec.it/vulns.php?page=7 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9918 http://www.redhat.com/support/errata/RHSA-2006-0544.html http://securitytracker.com/id?1016017 http://secunia.com/advisories/19929 http://secunia.com/advisories/20002 http://secunia.com/advisories/20073 http://secunia.com/advisories/20076 http://secunia.com/advisories/20223 http://secunia.com/advisories/20241 http://secunia.com/advisories/20253 http://secunia.com/advisories/20333 http://secunia.com/advisories/20424 http://secunia.com/advisories/20457 http://secunia.com/advisories/20625 http://secunia.com/advisories/20762 http://secunia.com/advisories/24479 http://secunia.com/advisories/29847 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377 http://securityreason.com/securityalert/840 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1 SuSE Security Announcement: SUSE-SA:2006:036 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html SuSE Security Announcement: SUSE-SR:2006:012 (Google Search) http://www.novell.com/linux/security/advisories/2006-06-02.html http://www.trustix.org/errata/2006/0028 https://usn.ubuntu.com/283-1/ http://www.vupen.com/english/advisories/2006/1633 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2008/1326/references XForce ISS Database: mysql-login-packet-info-disclosure(26236) https://exchange.xforce.ibmcloud.com/vulnerabilities/26236 Common Vulnerability Exposure (CVE) ID: CVE-2006-1517 Bugtraq: 20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution. (Google Search) http://www.securityfocus.com/archive/1/432734/100/0/threaded http://www.wisec.it/vulns.php?page=8 http://www.osvdb.org/25228 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11036 http://securitytracker.com/id?1016016 http://securityreason.com/securityalert/839 XForce ISS Database: mysql-sqlparcecc-information-disclosure(26228) https://exchange.xforce.ibmcloud.com/vulnerabilities/26228 Common Vulnerability Exposure (CVE) ID: CVE-2006-1518 CERT/CC vulnerability note: VU#602457 http://www.kb.cert.org/vuls/id/602457 XForce ISS Database: mysql-comtabledump-bo(26232) https://exchange.xforce.ibmcloud.com/vulnerabilities/26232
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.