ID de Prueba:	1.3.6.1.4.1.25623.1.0.56921
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0544
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0544. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands. (CVE-2006-2753) An information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516) An information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517) A log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903) This update also fixes numerous non-security-related flaws, such as intermittent authentication failures. All users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0544.html http://lists.mysql.com/announce/364 http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0903 1015693 http://securitytracker.com/id?1015693 16850 http://www.securityfocus.com/bid/16850 19034 http://secunia.com/advisories/19034 19502 http://secunia.com/advisories/19502 19814 http://secunia.com/advisories/19814 20060225 mysql <= 5.0.18 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html 20241 http://secunia.com/advisories/20241 20253 http://secunia.com/advisories/20253 20333 http://secunia.com/advisories/20333 20625 http://secunia.com/advisories/20625 30351 http://secunia.com/advisories/30351 ADV-2006-0752 http://www.vupen.com/english/advisories/2006/0752 DSA-1071 http://www.debian.org/security/2006/dsa-1071 DSA-1073 http://www.debian.org/security/2006/dsa-1073 DSA-1079 http://www.debian.org/security/2006/dsa-1079 MDKSA-2006:064 http://www.mandriva.com/security/advisories?name=MDKSA-2006:064 RHSA-2006:0544 http://www.redhat.com/support/errata/RHSA-2006-0544.html RHSA-2007:0083 http://www.redhat.com/support/errata/RHSA-2007-0083.html RHSA-2008:0364 http://www.redhat.com/support/errata/RHSA-2008-0364.html USN-274-1 https://usn.ubuntu.com/274-1/ USN-274-2 http://www.ubuntu.com/usn/usn-274-2 http://bugs.mysql.com/bug.php?id=17667 http://rst.void.ru/papers/advisory39.txt mysql-query-log-bypass-security(24966) https://exchange.xforce.ibmcloud.com/vulnerabilities/24966 oval:org.mitre.oval:def:9915 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9915 Common Vulnerability Exposure (CVE) ID: CVE-2006-1516 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 17780 http://www.securityfocus.com/bid/17780 Bugtraq: 20060502 MySQL Anonymous Login Handshake - Information Leakage. (Google Search) http://www.securityfocus.com/archive/1/432733/100/0/threaded Bugtraq: 20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage (Google Search) http://www.securityfocus.com/archive/1/434164/100/0/threaded Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-1071 (Google Search) Debian Security Information: DSA-1073 (Google Search) Debian Security Information: DSA-1079 (Google Search) http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:084 http://www.wisec.it/vulns.php?page=7 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9918 http://securitytracker.com/id?1016017 http://secunia.com/advisories/19929 http://secunia.com/advisories/20002 http://secunia.com/advisories/20073 http://secunia.com/advisories/20076 http://secunia.com/advisories/20223 http://secunia.com/advisories/20424 http://secunia.com/advisories/20457 http://secunia.com/advisories/20762 http://secunia.com/advisories/24479 http://secunia.com/advisories/29847 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377 http://securityreason.com/securityalert/840 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1 SuSE Security Announcement: SUSE-SA:2006:036 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html SuSE Security Announcement: SUSE-SR:2006:012 (Google Search) http://www.novell.com/linux/security/advisories/2006-06-02.html http://www.trustix.org/errata/2006/0028 https://usn.ubuntu.com/283-1/ http://www.vupen.com/english/advisories/2006/1633 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2008/1326/references XForce ISS Database: mysql-login-packet-info-disclosure(26236) https://exchange.xforce.ibmcloud.com/vulnerabilities/26236 Common Vulnerability Exposure (CVE) ID: CVE-2006-1517 Bugtraq: 20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution. (Google Search) http://www.securityfocus.com/archive/1/432734/100/0/threaded http://www.wisec.it/vulns.php?page=8 http://www.osvdb.org/25228 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11036 http://securitytracker.com/id?1016016 http://securityreason.com/securityalert/839 XForce ISS Database: mysql-sqlparcecc-information-disclosure(26228) https://exchange.xforce.ibmcloud.com/vulnerabilities/26228 Common Vulnerability Exposure (CVE) ID: CVE-2006-2753 1016216 http://securitytracker.com/id?1016216 18219 http://www.securityfocus.com/bid/18219 2006-0034 http://www.trustix.org/errata/2006/0034/ 20365 http://secunia.com/advisories/20365 20489 http://secunia.com/advisories/20489 20531 http://secunia.com/advisories/20531 20541 http://secunia.com/advisories/20541 20562 http://secunia.com/advisories/20562 20712 http://secunia.com/advisories/20712 24479 ADV-2006-2105 http://www.vupen.com/english/advisories/2006/2105 ADV-2007-0930 APPLE-SA-2007-03-13 DSA-1092 http://www.debian.org/security/2006/dsa-1092 GLSA-200606-13 http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml MDKSA-2006:097 http://www.mandriva.com/security/advisories?name=MDKSA-2006:097 TA07-072A USN-288-3 http://www.ubuntu.com/usn/usn-288-3 USN-303-1 https://usn.ubuntu.com/303-1/ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735 http://docs.info.apple.com/article.html?artnum=305214 http://lists.mysql.com/announce/364 mysql-ascii-sql-injection(26875) https://exchange.xforce.ibmcloud.com/vulnerabilities/26875 oval:org.mitre.oval:def:10312 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10312
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.