Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:685

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55528

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:685

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:685.

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries.

An insecure temporary file handling bug was found in the mysql_install_db
script. It is possible for a local user to create specially crafted files
in /tmp which could allow them to execute arbitrary SQL commands during
database installation. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-1636 to this issue.

These packages update mysql to version 4.1.12, fixing a number of problems.
Also, support for SSL-encrypted connections to the database server is now
provided.

All users of mysql are advised to upgrade to these updated packages.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-685.html

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: BugTraq ID: 13660
Common Vulnerability Exposure (CVE) ID: CVE-2005-1636
http://www.securityfocus.com/bid/13660
http://marc.info/?l=full-disclosure&m=111632686805498&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2006:045
http://www.zataz.net/adviso/mysql-05172005.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9504
http://www.redhat.com/support/errata/RHSA-2005-685.html
http://secunia.com/advisories/15369
http://secunia.com/advisories/17080

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55528
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:685
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:685. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. An insecure temporary file handling bug was found in the mysql_install_db script. It is possible for a local user to create specially crafted files in /tmp which could allow them to execute arbitrary SQL commands during database installation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1636 to this issue. These packages update mysql to version 4.1.12, fixing a number of problems. Also, support for SSL-encrypted connections to the database server is now provided. All users of mysql are advised to upgrade to these updated packages. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-685.html Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	BugTraq ID: 13660 Common Vulnerability Exposure (CVE) ID: CVE-2005-1636 http://www.securityfocus.com/bid/13660 http://marc.info/?l=full-disclosure&m=111632686805498&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2006:045 http://www.zataz.net/adviso/mysql-05172005.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9504 http://www.redhat.com/support/errata/RHSA-2005-685.html http://secunia.com/advisories/15369 http://secunia.com/advisories/17080
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com