Denial of Service : MySQL < 3.23.59, 4.x < 4.0.21 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.15449

Categoría: Denial of Service

Título: MySQL < 3.23.59, 4.x < 4.0.21 Multiple Vulnerabilities

Resumen: MySQL is prone to multiple vulnerabilities.

Descripción: Summary:
MySQL is prone to multiple vulnerabilities.

Vulnerability Insight:
The remote version of this software is vulnerable to specially
crafted ALTER TABLE SQL query which can be exploited to bypass some applied security restrictions
or cause a denial of service. To exploit this flaw, an attacker would need the ability to execute
arbitrary SQL statements on the remote host.

Affected Software/OS:
MySQL prior to 3.23.59 and 4.x prior to 4.0.21.

Solution:
Update to version 3.23.59, 4.0.21 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0835
BugTraq ID: 11357
http://www.securityfocus.com/bid/11357
Computer Incident Advisory Center Bulletin: P-018
http://www.ciac.org/ciac/bulletins/p-018.shtml
Conectiva Linux advisory: CLA-2004:892
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
Debian Security Information: DSA-562 (Google Search)
http://www.debian.org/security/2004/dsa-562
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
http://bugs.mysql.com/bug.php?id=3270
http://lists.mysql.com/internals/13073
http://www.redhat.com/support/errata/RHSA-2004-597.html
http://www.redhat.com/support/errata/RHSA-2004-611.html
http://securitytracker.com/id?1011606
http://secunia.com/advisories/12783/
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
http://www.trustix.org/errata/2004/0054/
XForce ISS Database: mysql-alter-restriction-bypass(17666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17666
Common Vulnerability Exposure (CVE) ID: CVE-2004-0837
Bugtraq: 20041125 [USN-32-1] mysql vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110140517515735&w=2
http://bugs.mysql.com/2408
http://lists.mysql.com/internals/16168
http://lists.mysql.com/internals/16173
http://lists.mysql.com/internals/16174
http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15
XForce ISS Database: mysql-union-dos(17667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17667

Copyright Copyright (C) 2004 David Maciejak

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.15449
Categoría:	Denial of Service
Título:	MySQL < 3.23.59, 4.x < 4.0.21 Multiple Vulnerabilities
Resumen:	MySQL is prone to multiple vulnerabilities.
Descripción:	Summary: MySQL is prone to multiple vulnerabilities. Vulnerability Insight: The remote version of this software is vulnerable to specially crafted ALTER TABLE SQL query which can be exploited to bypass some applied security restrictions or cause a denial of service. To exploit this flaw, an attacker would need the ability to execute arbitrary SQL statements on the remote host. Affected Software/OS: MySQL prior to 3.23.59 and 4.x prior to 4.0.21. Solution: Update to version 3.23.59, 4.0.21 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0835 BugTraq ID: 11357 http://www.securityfocus.com/bid/11357 Computer Incident Advisory Center Bulletin: P-018 http://www.ciac.org/ciac/bulletins/p-018.shtml Conectiva Linux advisory: CLA-2004:892 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 Debian Security Information: DSA-562 (Google Search) http://www.debian.org/security/2004/dsa-562 http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml http://bugs.mysql.com/bug.php?id=3270 http://lists.mysql.com/internals/13073 http://www.redhat.com/support/errata/RHSA-2004-597.html http://www.redhat.com/support/errata/RHSA-2004-611.html http://securitytracker.com/id?1011606 http://secunia.com/advisories/12783/ http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.trustix.org/errata/2004/0054/ XForce ISS Database: mysql-alter-restriction-bypass(17666) https://exchange.xforce.ibmcloud.com/vulnerabilities/17666 Common Vulnerability Exposure (CVE) ID: CVE-2004-0837 Bugtraq: 20041125 [USN-32-1] mysql vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110140517515735&w=2 http://bugs.mysql.com/2408 http://lists.mysql.com/internals/16168 http://lists.mysql.com/internals/16173 http://lists.mysql.com/internals/16174 http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15 XForce ISS Database: mysql-union-dos(17667) https://exchange.xforce.ibmcloud.com/vulnerabilities/17667
Copyright	Copyright (C) 2004 David Maciejak