Conectiva Local Security Checks : Conectiva Security Advisory CLA-2005:947

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52092

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2005:947

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2005:947.

MySQL is a very popular SQL database.

This announcement fixes two vulnerabilities discovered in MySQL:

1.CVE-2004-0957
A local user which had grant privileges for a database whose name
includes a _ (underscore) caracter could grant privileges to other
databases that have similar names, possibly allowing the user to
conduct unauthorized activities.

2.CVE-2005-0004
A local user could overwrite arbitrary files or read temporary
files via a symlink attack.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.mysql.com/products/mysql/
http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:947
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000947

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0957
Computer Incident Advisory Center Bulletin: P-018
http://www.ciac.org/ciac/bulletins/p-018.shtml
Conectiva Linux advisory: CLA-2005:947
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947
Debian Security Information: DSA-707 (Google Search)
http://www.debian.org/security/2005/dsa-707
http://www.mandriva.com/security/advisories?name=MDKSA-2005:070
http://www.redhat.com/support/errata/RHSA-2004-597.html
http://www.redhat.com/support/errata/RHSA-2004-611.html
https://www.ubuntu.com/usn/usn-32-1/
XForce ISS Database: mysql-underscore-gain-priv(17783)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17783
Common Vulnerability Exposure (CVE) ID: CVE-2005-0004
BugTraq ID: 12277
http://www.securityfocus.com/bid/12277
Bugtraq: 20050118 [USN-63-1] MySQL client vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110608297217224&w=2
Debian Security Information: DSA-647 (Google Search)
http://www.debian.org/security/2005/dsa-647
http://www.mandriva.com/security/advisories?name=MDKSA-2005:036
http://secunia.com/advisories/13867
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
XForce ISS Database: mysql-mysqlaccess-symlink(18922)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18922

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52092
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2005:947
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2005:947. MySQL is a very popular SQL database. This announcement fixes two vulnerabilities discovered in MySQL: 1.CVE-2004-0957 A local user which had grant privileges for a database whose name includes a _ (underscore) caracter could grant privileges to other databases that have similar names, possibly allowing the user to conduct unauthorized activities. 2.CVE-2005-0004 A local user could overwrite arbitrary files or read temporary files via a symlink attack. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.mysql.com/products/mysql/ http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:947 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000947 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0957 Computer Incident Advisory Center Bulletin: P-018 http://www.ciac.org/ciac/bulletins/p-018.shtml Conectiva Linux advisory: CLA-2005:947 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 Debian Security Information: DSA-707 (Google Search) http://www.debian.org/security/2005/dsa-707 http://www.mandriva.com/security/advisories?name=MDKSA-2005:070 http://www.redhat.com/support/errata/RHSA-2004-597.html http://www.redhat.com/support/errata/RHSA-2004-611.html https://www.ubuntu.com/usn/usn-32-1/ XForce ISS Database: mysql-underscore-gain-priv(17783) https://exchange.xforce.ibmcloud.com/vulnerabilities/17783 Common Vulnerability Exposure (CVE) ID: CVE-2005-0004 BugTraq ID: 12277 http://www.securityfocus.com/bid/12277 Bugtraq: 20050118 [USN-63-1] MySQL client vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110608297217224&w=2 Debian Security Information: DSA-647 (Google Search) http://www.debian.org/security/2005/dsa-647 http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 http://secunia.com/advisories/13867 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 XForce ISS Database: mysql-mysqlaccess-symlink(18922) https://exchange.xforce.ibmcloud.com/vulnerabilities/18922
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com