English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.66829
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2010:0110
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0110.

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

Multiple flaws were discovered in the way MySQL handled symbolic links to
tables created using the DATA DIRECTORY and INDEX DIRECTORY directives in
CREATE TABLE statements. An attacker with CREATE and DROP table privileges
and shell access to the database server could use these flaws to escalate
their database privileges, or gain access to tables created by other
database users. (CVE-2008-4098, CVE-2009-4030)

Note: Due to the security risks and previous security issues related to the
use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not
depending on this feature should consider disabling it by adding
symbolic-links=0 to the [mysqld] section of the my.cnf configuration
file. In this update, an example of such a configuration was added to the
default my.cnf file.

An insufficient HTML entities quoting flaw was found in the mysql command
line client's HTML output mode. If an attacker was able to inject arbitrary
HTML tags into data stored in a MySQL database, which was later retrieved
using the mysql command line client and its HTML output mode, they could
perform a cross-site scripting (XSS) attack against victims viewing the
HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logged
user commands when creating and deleting databases. A remote, authenticated
attacker with permissions to CREATE and DROP databases could use these
flaws to formulate a specially-crafted SQL command that would cause a
temporary denial of service (open connections to mysqld are terminated).
(CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld
--log command line option or the log option in my.cnf) must be
enabled. This logging is not enabled by default.

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0110.html
http://www.redhat.com/security/updates/classification/#moderate
http://dev.mysql.com/doc/refman/4.1/en/symbolic-links-to-tables.html

Risk factor : Critical

CVSS Score:
8.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-4098
32578
http://secunia.com/advisories/32578
32759
http://secunia.com/advisories/32759
32769
http://secunia.com/advisories/32769
38517
http://secunia.com/advisories/38517
DSA-1662
http://www.debian.org/security/2008/dsa-1662
MDVSA-2009:094
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
RHSA-2009:1067
http://www.redhat.com/support/errata/RHSA-2009-1067.html
RHSA-2010:0110
http://www.redhat.com/support/errata/RHSA-2010-0110.html
SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
USN-1397-1
http://www.ubuntu.com/usn/USN-1397-1
USN-671-1
http://www.ubuntu.com/usn/USN-671-1
USN-897-1
http://ubuntu.com/usn/usn-897-1
[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079
http://www.openwall.com/lists/oss-security/2008/09/09/20
[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://bugs.mysql.com/bug.php?id=32167
mysql-myisam-symlink-security-bypass(45649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
oval:org.mitre.oval:def:10591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591
Common Vulnerability Exposure (CVE) ID: CVE-2008-4456
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 31486
http://www.securityfocus.com/bid/31486
Bugtraq: 20080930 MySQL command-line client HTML injection vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496842/100/0/threaded
Bugtraq: 20080930 RE: MySQL command-line client HTML injection vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496877/100/0/threaded
Bugtraq: 20081004 RE: RE: MySQL command-line client HTML injection vulnerability (Google Search)
http://seclists.org/bugtraq/2008/Oct/0026.html
Bugtraq: 20081029 Re: MySQL command-line client HTML injection vulnerability (Google Search)
http://www.securityfocus.com/archive/1/497158/100/0/threaded
http://www.securityfocus.com/archive/1/497885/100/0/threaded
Debian Security Information: DSA-1783 (Google Search)
http://www.debian.org/security/2009/dsa-1783
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://secunia.com/advisories/32072
http://secunia.com/advisories/34907
http://secunia.com/advisories/36566
http://securityreason.com/securityalert/4357
XForce ISS Database: mysql-commandline-xss(45590)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45590
Common Vulnerability Exposure (CVE) ID: CVE-2009-2446
BugTraq ID: 35609
http://www.securityfocus.com/bid/35609
Bugtraq: 20090708 MySQL <= 5.0.45 post auth format string vulnerability (Google Search)
http://www.securityfocus.com/archive/1/504799/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:179
http://www.osvdb.org/55734
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857
http://securitytracker.com/id?1022533
http://secunia.com/advisories/35767
http://www.vupen.com/english/advisories/2009/1857
XForce ISS Database: mysql-dispatchcommand-format-string(51614)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51614
Common Vulnerability Exposure (CVE) ID: CVE-2009-4030
38573
http://secunia.com/advisories/38573
ADV-2010-1107
http://www.vupen.com/english/advisories/2010/1107
APPLE-SA-2010-03-29-1
DSA-1997
http://www.debian.org/security/2010/dsa-1997
RHSA-2010:0109
http://www.redhat.com/support/errata/RHSA-2010-0109.html
SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SUSE-SR:2010:021
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
[commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167
http://lists.mysql.com/commits/89940
[oss-security] 20091119 mysql-5.1.41
http://www.openwall.com/lists/oss-security/2009/11/19/3
[oss-security] 20091124 Re: mysql-5.1.41
http://marc.info/?l=oss-security&m=125908040022018&w=2
http://marc.info/?l=oss-security&m=125908080222685&w=2
http://www.openwall.com/lists/oss-security/2009/11/24/6
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://support.apple.com/kb/HT4077
oval:org.mitre.oval:def:11116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116
oval:org.mitre.oval:def:8156
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156
Common Vulnerability Exposure (CVE) ID: CVE-2008-2079
1019995
http://www.securitytracker.com/id?1019995
29106
http://www.securityfocus.com/bid/29106
30134
http://secunia.com/advisories/30134
31066
http://secunia.com/advisories/31066
31226
http://secunia.com/advisories/31226
31681
http://www.securityfocus.com/bid/31681
31687
http://secunia.com/advisories/31687
32222
http://secunia.com/advisories/32222
36566
36701
http://secunia.com/advisories/36701
ADV-2008-1472
http://www.vupen.com/english/advisories/2008/1472/references
ADV-2008-2780
http://www.vupen.com/english/advisories/2008/2780
APPLE-SA-2008-10-09
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
APPLE-SA-2009-09-10-2
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
DSA-1608
http://www.debian.org/security/2008/dsa-1608
MDVSA-2008:149
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149
MDVSA-2008:150
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
RHSA-2008:0505
http://www.redhat.com/support/errata/RHSA-2008-0505.html
RHSA-2008:0510
http://www.redhat.com/support/errata/RHSA-2008-0510.html
RHSA-2008:0768
http://www.redhat.com/support/errata/RHSA-2008-0768.html
RHSA-2009:1289
SUSE-SR:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3865
mysql-myisam-security-bypass(42267)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267
oval:org.mitre.oval:def:10133
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.