ID de Prueba:	1.3.6.1.4.1.25623.1.0.52914
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2003-7 (MySQL)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to MySQL announced via advisory TLSA-2003-7. There are the following problems in MySQL. * signed/unsigned problem in COM_TABLE_DUMP * Password length handling in COM_CHANGE_USER * read_rows() overflow in libmysqlclient * read_one_row() overflow in libmysqlclient The vulnerabilities potentially enable local or remote attackers to execute arbitrary shell commands. This can be used to exploit SQL clients if they connect to a compromised MySQL server. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2003-7 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1373 BugTraq ID: 6368 http://www.securityfocus.com/bid/6368 Bugtraq: 20021212 Advisory 04/2002: Multiple MySQL vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=103971644013961&w=2 Conectiva Linux advisory: CLSA-2002:555 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 Debian Security Information: DSA-212 (Google Search) http://www.debian.org/security/2002/dsa-212 En Garde Linux Advisory: ESA-20030127-001 http://marc.info/?l=bugtraq&m=104004857201968&w=2 Immunix Linux Advisory: IMNX-2003-7+-008-01 http://www.securityfocus.com/advisories/5269 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087 http://security.e-matters.de/advisories/042002.html http://www.redhat.com/support/errata/RHSA-2002-288.html http://www.redhat.com/support/errata/RHSA-2002-289.html http://www.redhat.com/support/errata/RHSA-2003-166.html SuSE Security Announcement: SUSE-SA:2003:003 (Google Search) http://www.novell.com/linux/security/advisories/2003_003_mysql.html http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt XForce ISS Database: mysql-comtabledump-dos(10846) https://exchange.xforce.ibmcloud.com/vulnerabilities/10846 Common Vulnerability Exposure (CVE) ID: CVE-2002-1374 BugTraq ID: 6373 http://www.securityfocus.com/bid/6373 Bugtraq: 20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) (Google Search) http://marc.info/?l=bugtraq&m=104005886114500&w=2 En Garde Linux Advisory: ESA-20021213-033 http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html XForce ISS Database: mysql-comchangeuser-password-bypass(10847) https://exchange.xforce.ibmcloud.com/vulnerabilities/10847 Common Vulnerability Exposure (CVE) ID: CVE-2002-1375 BugTraq ID: 6375 http://www.securityfocus.com/bid/6375 XForce ISS Database: mysql-comchangeuser-password-bo(10848) https://exchange.xforce.ibmcloud.com/vulnerabilities/10848 Common Vulnerability Exposure (CVE) ID: CVE-2002-1376 BugTraq ID: 6370 http://www.securityfocus.com/bid/6370 BugTraq ID: 6374 http://www.securityfocus.com/bid/6374 Bugtraq: 20021215 GLSA: mysql (Google Search) Bugtraq: 20021219 TSLSA-2002-0086 - mysql (Google Search) http://marc.info/?l=bugtraq&m=104033188706000&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2002:087 XForce ISS Database: mysql-libmysqlclient-readonerow-bo(10850) https://exchange.xforce.ibmcloud.com/vulnerabilities/10850 XForce ISS Database: mysql-libmysqlclient-readrows-bo(10849) https://exchange.xforce.ibmcloud.com/vulnerabilities/10849
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.