FreeBSD Local Security Checks : FreeBSD Ports: mysql-server

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61618

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: mysql-server

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: mysql-server

CVE-2008-2079
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24,
and 6.0.x before 6.0.5 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the
MySQL home data directory, which can point to tables that are created
in the future.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.6

CVSS Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2079
1019995
http://www.securitytracker.com/id?1019995
29106
http://www.securityfocus.com/bid/29106
30134
http://secunia.com/advisories/30134
31066
http://secunia.com/advisories/31066
31226
http://secunia.com/advisories/31226
31681
http://www.securityfocus.com/bid/31681
31687
http://secunia.com/advisories/31687
32222
http://secunia.com/advisories/32222
32769
http://secunia.com/advisories/32769
36566
http://secunia.com/advisories/36566
36701
http://secunia.com/advisories/36701
ADV-2008-1472
http://www.vupen.com/english/advisories/2008/1472/references
ADV-2008-2780
http://www.vupen.com/english/advisories/2008/2780
APPLE-SA-2008-10-09
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
APPLE-SA-2009-09-10-2
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
DSA-1608
http://www.debian.org/security/2008/dsa-1608
MDVSA-2008:149
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149
MDVSA-2008:150
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
RHSA-2008:0505
http://www.redhat.com/support/errata/RHSA-2008-0505.html
RHSA-2008:0510
http://www.redhat.com/support/errata/RHSA-2008-0510.html
RHSA-2008:0768
http://www.redhat.com/support/errata/RHSA-2008-0768.html
RHSA-2009:1289
http://www.redhat.com/support/errata/RHSA-2009-1289.html
SUSE-SR:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
USN-671-1
http://www.ubuntu.com/usn/USN-671-1
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3865
mysql-myisam-security-bypass(42267)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267
oval:org.mitre.oval:def:10133
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61618
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: mysql-server
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: mysql-server CVE-2008-2079 MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2079 1019995 http://www.securitytracker.com/id?1019995 29106 http://www.securityfocus.com/bid/29106 30134 http://secunia.com/advisories/30134 31066 http://secunia.com/advisories/31066 31226 http://secunia.com/advisories/31226 31681 http://www.securityfocus.com/bid/31681 31687 http://secunia.com/advisories/31687 32222 http://secunia.com/advisories/32222 32769 http://secunia.com/advisories/32769 36566 http://secunia.com/advisories/36566 36701 http://secunia.com/advisories/36701 ADV-2008-1472 http://www.vupen.com/english/advisories/2008/1472/references ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html APPLE-SA-2009-09-10-2 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html DSA-1608 http://www.debian.org/security/2008/dsa-1608 MDVSA-2008:149 http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 MDVSA-2008:150 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 RHSA-2008:0505 http://www.redhat.com/support/errata/RHSA-2008-0505.html RHSA-2008:0510 http://www.redhat.com/support/errata/RHSA-2008-0510.html RHSA-2008:0768 http://www.redhat.com/support/errata/RHSA-2008-0768.html RHSA-2009:1289 http://www.redhat.com/support/errata/RHSA-2009-1289.html SUSE-SR:2008:017 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html USN-671-1 http://www.ubuntu.com/usn/USN-671-1 http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3865 mysql-myisam-security-bypass(42267) https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 oval:org.mitre.oval:def:10133 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
Copyright	Copyright (C) 2008 E-Soft Inc.