Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:555

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51562

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2002:555

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2002:555.

MySQL is a very popular SQL database, distributed under the GNU-GPL
license.

Stefan Esser from e-matters[1] discovered several vulnerabilities in
the MySQL code that affect both the server and the client library
(libmysql) of MySQL.

The server vulnerabilities can be exploited to crash the MySQL
server, bypass password restrictions or even execute arbitrary code
with the privileges of the user running the server process.

The library ones consist in an arbitrary size heap overflow and a
memory addressing problem that can be both exploited to crash or
execute arbitrary code in programs linked against libmysql.

More details about each vulnerability can be found in the e-matters
security advisory[2].

The Common Vulnerabilities and Exposures project (cve.mitre.org) is
tracking these issues with the names CVE-2002-1373, CVE-2002-1374,
CVE-2002-1375 and CVE-2002-1376.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.e-matters.de/
http://security.e-matters.de/advisories/042002.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1376
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:555
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2002-1373
BugTraq ID: 6368
http://www.securityfocus.com/bid/6368
Bugtraq: 20021212 Advisory 04/2002: Multiple MySQL vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=103971644013961&w=2
Conectiva Linux advisory: CLSA-2002:555
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
Debian Security Information: DSA-212 (Google Search)
http://www.debian.org/security/2002/dsa-212
En Garde Linux Advisory: ESA-20030127-001
http://marc.info/?l=bugtraq&m=104004857201968&w=2
Immunix Linux Advisory: IMNX-2003-7+-008-01
http://www.securityfocus.com/advisories/5269
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
http://security.e-matters.de/advisories/042002.html
http://www.redhat.com/support/errata/RHSA-2002-288.html
http://www.redhat.com/support/errata/RHSA-2002-289.html
http://www.redhat.com/support/errata/RHSA-2003-166.html
SuSE Security Announcement: SUSE-SA:2003:003 (Google Search)
http://www.novell.com/linux/security/advisories/2003_003_mysql.html
http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
XForce ISS Database: mysql-comtabledump-dos(10846)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10846
Common Vulnerability Exposure (CVE) ID: CVE-2002-1374
BugTraq ID: 6373
http://www.securityfocus.com/bid/6373
Bugtraq: 20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) (Google Search)
http://marc.info/?l=bugtraq&m=104005886114500&w=2
En Garde Linux Advisory: ESA-20021213-033
http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
XForce ISS Database: mysql-comchangeuser-password-bypass(10847)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10847
Common Vulnerability Exposure (CVE) ID: CVE-2002-1375
BugTraq ID: 6375
http://www.securityfocus.com/bid/6375
XForce ISS Database: mysql-comchangeuser-password-bo(10848)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10848
Common Vulnerability Exposure (CVE) ID: CVE-2002-1376
BugTraq ID: 6370
http://www.securityfocus.com/bid/6370
BugTraq ID: 6374
http://www.securityfocus.com/bid/6374
Bugtraq: 20021215 GLSA: mysql (Google Search)
Bugtraq: 20021219 TSLSA-2002-0086 - mysql (Google Search)
http://marc.info/?l=bugtraq&m=104033188706000&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2002:087
XForce ISS Database: mysql-libmysqlclient-readonerow-bo(10850)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10850
XForce ISS Database: mysql-libmysqlclient-readrows-bo(10849)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10849

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51562
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:555
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:555. MySQL is a very popular SQL database, distributed under the GNU-GPL license. Stefan Esser from e-matters[1] discovered several vulnerabilities in the MySQL code that affect both the server and the client library (libmysql) of MySQL. The server vulnerabilities can be exploited to crash the MySQL server, bypass password restrictions or even execute arbitrary code with the privileges of the user running the server process. The library ones consist in an arbitrary size heap overflow and a memory addressing problem that can be both exploited to crash or execute arbitrary code in programs linked against libmysql. More details about each vulnerability can be found in the e-matters security advisory[2]. The Common Vulnerabilities and Exposures project (cve.mitre.org) is tracking these issues with the names CVE-2002-1373, CVE-2002-1374, CVE-2002-1375 and CVE-2002-1376. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.e-matters.de/ http://security.e-matters.de/advisories/042002.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1376 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:555 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1373 BugTraq ID: 6368 http://www.securityfocus.com/bid/6368 Bugtraq: 20021212 Advisory 04/2002: Multiple MySQL vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=103971644013961&w=2 Conectiva Linux advisory: CLSA-2002:555 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 Debian Security Information: DSA-212 (Google Search) http://www.debian.org/security/2002/dsa-212 En Garde Linux Advisory: ESA-20030127-001 http://marc.info/?l=bugtraq&m=104004857201968&w=2 Immunix Linux Advisory: IMNX-2003-7+-008-01 http://www.securityfocus.com/advisories/5269 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087 http://security.e-matters.de/advisories/042002.html http://www.redhat.com/support/errata/RHSA-2002-288.html http://www.redhat.com/support/errata/RHSA-2002-289.html http://www.redhat.com/support/errata/RHSA-2003-166.html SuSE Security Announcement: SUSE-SA:2003:003 (Google Search) http://www.novell.com/linux/security/advisories/2003_003_mysql.html http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt XForce ISS Database: mysql-comtabledump-dos(10846) https://exchange.xforce.ibmcloud.com/vulnerabilities/10846 Common Vulnerability Exposure (CVE) ID: CVE-2002-1374 BugTraq ID: 6373 http://www.securityfocus.com/bid/6373 Bugtraq: 20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) (Google Search) http://marc.info/?l=bugtraq&m=104005886114500&w=2 En Garde Linux Advisory: ESA-20021213-033 http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html XForce ISS Database: mysql-comchangeuser-password-bypass(10847) https://exchange.xforce.ibmcloud.com/vulnerabilities/10847 Common Vulnerability Exposure (CVE) ID: CVE-2002-1375 BugTraq ID: 6375 http://www.securityfocus.com/bid/6375 XForce ISS Database: mysql-comchangeuser-password-bo(10848) https://exchange.xforce.ibmcloud.com/vulnerabilities/10848 Common Vulnerability Exposure (CVE) ID: CVE-2002-1376 BugTraq ID: 6370 http://www.securityfocus.com/bid/6370 BugTraq ID: 6374 http://www.securityfocus.com/bid/6374 Bugtraq: 20021215 GLSA: mysql (Google Search) Bugtraq: 20021219 TSLSA-2002-0086 - mysql (Google Search) http://marc.info/?l=bugtraq&m=104033188706000&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2002:087 XForce ISS Database: mysql-libmysqlclient-readonerow-bo(10850) https://exchange.xforce.ibmcloud.com/vulnerabilities/10850 XForce ISS Database: mysql-libmysqlclient-readrows-bo(10849) https://exchange.xforce.ibmcloud.com/vulnerabilities/10849
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com