English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 75096 CVE Beschreibungen
und 39644 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.68291
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2010:0825
Zusammenfassung:Redhat Security Advisory RHSA-2010:0825
Beschreibung:The remote host is missing updates announced in
advisory RHSA-2010:0825.

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

It was found that the MySQL PolyFromWKB() function did not sanity check
Well-Known Binary (WKB) data. A remote, authenticated attacker could use
specially-crafted WKB data to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3840)

A flaw was found in the way MySQL processed certain JOIN queries. If a
stored procedure contained JOIN queries, and that procedure was executed
twice in sequence, it could cause an infinite loop, leading to excessive
CPU use (up to 100%). A remote, authenticated attacker could use this flaw
to cause a denial of service. (CVE-2010-3839)

A flaw was found in the way MySQL processed queries that provide a mixture
of numeric and longblob data types to the LEAST or GREATEST function. A
remote, authenticated attacker could use this flaw to crash mysqld. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3838)

A flaw was found in the way MySQL processed PREPARE statements containing
both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated
attacker could use this flaw to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3837)

It was found that MySQL did not properly pre-evaluate LIKE arguments in
view prepare mode. A remote, authenticated attacker could possibly use this
flaw to crash mysqld. (CVE-2010-3836)

A flaw was found in the way MySQL processed statements that assign a value
to a user-defined variable and that also contain a logical value
evaluation. A remote, authenticated attacker could use this flaw to crash
mysqld. This issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3835)

A flaw was found in the way MySQL evaluated the arguments of extreme-value
functions, such as LEAST and GREATEST. A remote, authenticated attacker
could use this flaw to crash mysqld. This issue only caused a temporary
denial of service, as mysqld was automatically restarted after the crash.
(CVE-2010-3833)

A flaw was found in the way MySQL processed EXPLAIN statements for some
complex SELECT queries. A remote, authenticated attacker could use this
flaw to crash mysqld. This issue only caused a temporary denial of service,
as mysqld was automatically restarted after the crash. (CVE-2010-3682)

A flaw was found in the way MySQL processed certain alternating READ
requests provided by HANDLER statements. A remote, authenticated attacker
could use this flaw to provide such requests, causing mysqld to crash. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3681)

A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE
statements that define NULL columns when using the InnoDB storage engine. A
remote, authenticated attacker could use this flaw to crash mysqld. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3680)

A flaw was found in the way MySQL processed JOIN queries that attempt to
retrieve data from a unique SET column. A remote, authenticated attacker
could use this flaw to crash mysqld. This issue only caused a temporary
denial of service, as mysqld was automatically restarted after the crash.
(CVE-2010-3677)

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0825.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3677
http://www.openwall.com/lists/oss-security/2010/09/28/10
http://bugs.mysql.com/bug.php?id=54575
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Debian Security Information: DSA-2143 (Google Search)
http://www.debian.org/security/2011/dsa-2143
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
http://www.redhat.com/support/errata/RHSA-2010-0825.html
http://www.redhat.com/support/errata/RHSA-2011-0164.html
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
TurboLinux Advisory: TLSA-2011-3
http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
http://www.ubuntu.com/usn/USN-1017-1
BugTraq ID: 42646
http://www.securityfocus.com/bid/42646
http://secunia.com/advisories/42875
http://secunia.com/advisories/42936
http://www.vupen.com/english/advisories/2011/0105
http://www.vupen.com/english/advisories/2011/0133
http://www.vupen.com/english/advisories/2011/0170
http://www.vupen.com/english/advisories/2011/0345
XForce ISS Database: mysql-setcolumn-dos(64688)
http://xforce.iss.net/xforce/xfdb/64688
Common Vulnerability Exposure (CVE) ID: CVE-2010-3680
BugTraq ID: 42598
http://www.securityfocus.com/bid/42598
XForce ISS Database: mysql-innodb-dos(64686)
http://xforce.iss.net/xforce/xfdb/64686
Common Vulnerability Exposure (CVE) ID: CVE-2010-3681
http://www.redhat.com/support/errata/RHSA-2010-0824.html
SuSE Security Announcement: SUSE-SR:2010:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
BugTraq ID: 42633
http://www.securityfocus.com/bid/42633
XForce ISS Database: mysql-handler-interface-dos(64685)
http://xforce.iss.net/xforce/xfdb/64685
Common Vulnerability Exposure (CVE) ID: CVE-2010-3682
BugTraq ID: 42599
http://www.securityfocus.com/bid/42599
XForce ISS Database: mysql-itemsinglerowsubselect-dos(64684)
http://xforce.iss.net/xforce/xfdb/64684
Common Vulnerability Exposure (CVE) ID: CVE-2010-3833
http://bugs.mysql.com/bug.php?id=55826
http://www.mandriva.com/security/advisories?name=MDVSA-2010:223
BugTraq ID: 43676
http://www.securityfocus.com/bid/43676
XForce ISS Database: mysql-extremevalue-dos(64845)
http://xforce.iss.net/xforce/xfdb/64845
Common Vulnerability Exposure (CVE) ID: CVE-2010-3835
http://bugs.mysql.com/bug.php?id=55564
XForce ISS Database: mysql-uservariable-dos(64843)
http://xforce.iss.net/xforce/xfdb/64843
Common Vulnerability Exposure (CVE) ID: CVE-2010-3836
XForce ISS Database: mysql-view-preparation-dos(64842)
http://xforce.iss.net/xforce/xfdb/64842
Common Vulnerability Exposure (CVE) ID: CVE-2010-3837
XForce ISS Database: mysql-prepared-statement-dos(64841)
http://xforce.iss.net/xforce/xfdb/64841
Common Vulnerability Exposure (CVE) ID: CVE-2010-3838
http://bugs.mysql.com/bug.php?id=54461
XForce ISS Database: mysql-longblob-dos(64840)
http://xforce.iss.net/xforce/xfdb/64840
Common Vulnerability Exposure (CVE) ID: CVE-2010-3839
XForce ISS Database: mysql-invocations-dos(64839)
http://xforce.iss.net/xforce/xfdb/64839
Common Vulnerability Exposure (CVE) ID: CVE-2010-3840
http://lists.mysql.com/commits/117094
XForce ISS Database: mysql-gislinestringinitfromwkb-dos(64838)
http://xforce.iss.net/xforce/xfdb/64838
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 39644 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.