ID de Prueba:	1.3.6.1.4.1.25623.1.0.52004
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2005:946
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2005:946. This announcement fixes several vulnerabilities discovered in MySQL: 1.CVE-2005-0709 MySQL allowed remote authenticated users with INSERT and DELETE privileges on 'mysql' administrative database to execute arbitrary code by using CREATE FUNCTION to access libc calls. 2.CVE-2005-0710 MySQL allowed remote authenticated users with INSERT and DELETE privileges on 'mysql' administrative database to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function. 3.CVE-2005-0711 MySQL used predictable file names when creating temporary tables, which allowed local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.mysql.com/products/mysql/ http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:946 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000946 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0709 101864 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 12781 http://www.securityfocus.com/bid/12781 2005-0009 http://www.trustix.org/errata/2005/0009/ 20050310 Mysql CREATE FUNCTION libc arbitrary code execution. http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html http://marc.info/?l=bugtraq&m=111066115808506&w=2 APPLE-SA-2005-08-15 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html APPLE-SA-2005-08-17 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html DSA-707 http://www.debian.org/security/2005/dsa-707 GLSA-200503-19 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml MDKSA-2005:060 http://www.mandriva.com/security/advisories?name=MDKSA-2005:060 RHSA-2005:334 http://www.redhat.com/support/errata/RHSA-2005-334.html RHSA-2005:348 http://www.redhat.com/support/errata/RHSA-2005-348.html SUSE-SA:2005:019 http://www.novell.com/linux/security/advisories/2005_19_mysql.html USN-96-1 https://usn.ubuntu.com/96-1/ oval:org.mitre.oval:def:10479 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479 Common Vulnerability Exposure (CVE) ID: CVE-2005-0710 20050310 Mysql CREATE FUNCTION mysql.func table arbitrary library injection http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html http://marc.info/?l=bugtraq&m=111065974004648&w=2 mysql-udfinit-gain-access(19658) https://exchange.xforce.ibmcloud.com/vulnerabilities/19658 oval:org.mitre.oval:def:10180 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10180 Common Vulnerability Exposure (CVE) ID: CVE-2005-0711 20050310 Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html oval:org.mitre.oval:def:9591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.