Test ID: 1.3.6.1.4.1.25623.1.0.59216
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-528-1 (mysql-dfsg-5.0)
Summary: Ubuntu USN-528-1 (mysql-dfsg-5.0)
Description:
The remote host is missing an update to mysql-dfsg-5.0
announced via advisory USN-528-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

ATTENTION: A change was made to the init script for mysql. Now on
start-up, mysql is checked to make sure that the mysql root password is
set. If it is blank, a message is sent to the console and the system
logger alerting that the password is not set, along with instructions
on how to set it. Additionally, you can now use:

sudo /etc/init.d/mysql reset-password

to set the root mysql user's password.

Details follow:

Neil Kettle discovered that MySQL could be made to dereference a NULL
pointer and divide by zero. An authenticated user could exploit this
with a crafted IF clause, leading to a denial of service. (CVE-2007-2583)

Victoria Reznichenko discovered that MySQL did not always require the
DROP privilege. An authenticated user could exploit this via RENAME
TABLE statements to rename arbitrary tables, possibly gaining additional
database access. (CVE-2007-2691)

It was discovered that MySQL could be made to overflow a signed char
during authentication. Remote attackers could use crafted authentication
requests to cause a denial of service. (CVE-2007-3780)

Phil Anderton discovered that MySQL did not properly verify access
privileges when accessing external tables. As a result, authenticated
users could exploit this to obtain UPDATE privileges to external
tables. (CVE-2007-3782)

In certain situations, when installing or upgrading mysql, there was no
notification that the mysql root user password needed to be set. If the
password was left unset, attackers would be able to obtain unrestricted
access to mysql. This is now checked during mysql start-up.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.5

Ubuntu 6.10:
mysql-server-5.0 5.0.24a-9ubuntu2.1

Ubuntu 7.04:
mysql-server-5.0 5.0.38-0ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-528-1

Risk factor: Medium
Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-2583
http://www.exploit-db.com/exploits/30020
http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html
Debian Security Information: DSA-1413
http://www.debian.org/security/2007/dsa-1413
http://security.gentoo.org/glsa/glsa-200705-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139
http://www.redhat.com/support/errata/RHSA-2008-0364.html
SuSE Security Announcement: SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.trustix.org/errata/2007/0017/
http://www.ubuntulinux.org/support/documentation/usn/usn-528-1
BugTraq ID: 23911
http://www.securityfocus.com/bid/23911
http://www.osvdb.org/34734
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9930
http://secunia.com/advisories/30351
http://www.vupen.com/english/advisories/2007/1731
http://secunia.com/advisories/25196
http://secunia.com/advisories/25188
http://secunia.com/advisories/25255
http://secunia.com/advisories/25389
http://secunia.com/advisories/25946
http://secunia.com/advisories/27155
http://secunia.com/advisories/27823
http://secunia.com/advisories/28838
XForce ISS Database: mysql-if-dos(34232)
http://xforce.iss.net/xforce/xfdb/34232
Common Vulnerability Exposure (CVE) ID: CVE-2007-2691
Bugtraq: 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server
http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded
http://lists.mysql.com/announce/470
http://bugs.mysql.com/bug.php?id=27515
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://www.redhat.com/support/errata/RHSA-2007-0894.html
http://www.redhat.com/support/errata/RHSA-2008-0768.html
BugTraq ID: 24016
http://www.securityfocus.com/bid/24016
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://osvdb.org/34766
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559
http://www.vupen.com/english/advisories/2007/1804
http://www.vupen.com/english/advisories/2008/2780
http://www.securitytracker.com/id?1018069
http://secunia.com/advisories/25301
http://secunia.com/advisories/26073
http://secunia.com/advisories/26430
http://secunia.com/advisories/31226
http://secunia.com/advisories/32222
XForce ISS Database: mysql-renametable-weak-security(34347)
http://xforce.iss.net/xforce/xfdb/34347
Common Vulnerability Exposure (CVE) ID: CVE-2007-3780
http://bugs.mysql.com/bug.php?id=28984
http://security.gentoo.org/glsa/glsa-200708-10.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:177
http://www.redhat.com/support/errata/RHSA-2007-0875.html
SuSE Security Announcement: SUSE-SR:2007:019
http://www.novell.com/linux/security/advisories/2007_19_sr.html
BugTraq ID: 25017
http://www.securityfocus.com/bid/25017
http://osvdb.org/36732
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11058
http://www.vupen.com/english/advisories/2008/1000/references
http://www.securitytracker.com/id?1018629
http://secunia.com/advisories/26498
http://secunia.com/advisories/26710
http://secunia.com/advisories/26987
http://secunia.com/advisories/26621
Common Vulnerability Exposure (CVE) ID: CVE-2007-3782
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10563
http://securitytracker.com/id?1018663
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com