Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200405-20 (MySQL)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54580

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200405-20 (MySQL)

Resumen: The remote host is missing updates announced in;advisory GLSA 200405-20.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200405-20.

Vulnerability Insight:
Two MySQL utilities create temporary files with hardcoded paths, allowing
an attacker to use a symlink to trick MySQL into overwriting important
data.

Solution:
All users should upgrade to the latest stable version of MySQL.

# emerge sync

# emerge -pv '>=dev-db/mysql-4.0.18-r2'
# emerge '>=dev-db/mysql-4.0.18-r2'

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0381
BugTraq ID: 9976
http://www.securityfocus.com/bid/9976
Bugtraq: 20040324 mysqlbug tmpfile/symlink vulnerability. (Google Search)
http://marc.info/?l=bugtraq&m=108023246916294&w=2
Bugtraq: 20040414 [OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql) (Google Search)
http://marc.info/?l=bugtraq&m=108206802810402&w=2
Computer Incident Advisory Center Bulletin: P-018
http://www.ciac.org/ciac/bulletins/p-018.shtml
Debian Security Information: DSA-483 (Google Search)
http://www.debian.org/security/2004/dsa-483
http://security.gentoo.org/glsa/glsa-200405-20.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11557
http://www.redhat.com/support/errata/RHSA-2004-569.html
http://www.redhat.com/support/errata/RHSA-2004-597.html
XForce ISS Database: mysql-mysqlbug-symlink(15617)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15617
Common Vulnerability Exposure (CVE) ID: CVE-2004-0388
BugTraq ID: 10142
http://www.securityfocus.com/bid/10142
http://www.osvdb.org/6421
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10559
http://securitytracker.com/id?1009784
http://secunia.com/advisories/11223/
XForce ISS Database: mysql-mysqldmulti-symlink(15883)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15883

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54580
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200405-20 (MySQL)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200405-20.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200405-20. Vulnerability Insight: Two MySQL utilities create temporary files with hardcoded paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data. Solution: All users should upgrade to the latest stable version of MySQL. # emerge sync # emerge -pv '>=dev-db/mysql-4.0.18-r2' # emerge '>=dev-db/mysql-4.0.18-r2' CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0381 BugTraq ID: 9976 http://www.securityfocus.com/bid/9976 Bugtraq: 20040324 mysqlbug tmpfile/symlink vulnerability. (Google Search) http://marc.info/?l=bugtraq&m=108023246916294&w=2 Bugtraq: 20040414 [OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql) (Google Search) http://marc.info/?l=bugtraq&m=108206802810402&w=2 Computer Incident Advisory Center Bulletin: P-018 http://www.ciac.org/ciac/bulletins/p-018.shtml Debian Security Information: DSA-483 (Google Search) http://www.debian.org/security/2004/dsa-483 http://security.gentoo.org/glsa/glsa-200405-20.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11557 http://www.redhat.com/support/errata/RHSA-2004-569.html http://www.redhat.com/support/errata/RHSA-2004-597.html XForce ISS Database: mysql-mysqlbug-symlink(15617) https://exchange.xforce.ibmcloud.com/vulnerabilities/15617 Common Vulnerability Exposure (CVE) ID: CVE-2004-0388 BugTraq ID: 10142 http://www.securityfocus.com/bid/10142 http://www.osvdb.org/6421 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10559 http://securitytracker.com/id?1009784 http://secunia.com/advisories/11223/ XForce ISS Database: mysql-mysqldmulti-symlink(15883) https://exchange.xforce.ibmcloud.com/vulnerabilities/15883
Copyright	Copyright (C) 2008 E-Soft Inc.