English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.62863
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2007:0083
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0083.

Several minor security issues were found in MySQL:

MySQL allowed remote authenticated users to create or access a database
when the database name differed only in case from a database for which they
had permissions. (CVE-2006-4226)

MySQL evaluated arguments in the wrong security context which allowed
remote authenticated users to gain privileges through a routine that had
been made available using GRANT EXECUTE. (CVE-2006-4227)

MySQL allowed a local user to access a table through a previously created
MERGE table, even after the user's privileges were revoked for the original
table, which might violate intended security policy. (CVE-2006-4031)

MySQL allowed authenticated users to cause a denial of service (crash) via
a NULL second argument to the str_to_date function. (CVE-2006-3081)

MySQL allowed local authenticated users to bypass logging mechanisms via
SQL queries that contain the NULL character, which were not properly
handled by the mysql_real_query function. (CVE-2006-0903)

Users of MySQL should upgrade to these updated packages, which resolve
these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0083.html
http://www.redhat.com/security/updates/classification/#low

Risk factor : High

CVSS Score:
6.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-0903
1015693
http://securitytracker.com/id?1015693
16850
http://www.securityfocus.com/bid/16850
19034
http://secunia.com/advisories/19034
19502
http://secunia.com/advisories/19502
19814
http://secunia.com/advisories/19814
20060225 mysql <= 5.0.18
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html
20241
http://secunia.com/advisories/20241
20253
http://secunia.com/advisories/20253
20333
http://secunia.com/advisories/20333
20625
http://secunia.com/advisories/20625
30351
http://secunia.com/advisories/30351
ADV-2006-0752
http://www.vupen.com/english/advisories/2006/0752
DSA-1071
http://www.debian.org/security/2006/dsa-1071
DSA-1073
http://www.debian.org/security/2006/dsa-1073
DSA-1079
http://www.debian.org/security/2006/dsa-1079
MDKSA-2006:064
http://www.mandriva.com/security/advisories?name=MDKSA-2006:064
RHSA-2006:0544
http://www.redhat.com/support/errata/RHSA-2006-0544.html
RHSA-2007:0083
http://www.redhat.com/support/errata/RHSA-2007-0083.html
RHSA-2008:0364
http://www.redhat.com/support/errata/RHSA-2008-0364.html
USN-274-1
https://usn.ubuntu.com/274-1/
USN-274-2
http://www.ubuntu.com/usn/usn-274-2
http://bugs.mysql.com/bug.php?id=17667
http://rst.void.ru/papers/advisory39.txt
mysql-query-log-bypass-security(24966)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24966
oval:org.mitre.oval:def:9915
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9915
Common Vulnerability Exposure (CVE) ID: CVE-2006-3081
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
BugTraq ID: 18439
http://www.securityfocus.com/bid/18439
Bugtraq: 20060614 MySQL DoS (Google Search)
http://www.securityfocus.com/archive/1/437145
Bugtraq: 20060615 Re: MySQL DoS (Google Search)
http://www.securityfocus.com/archive/1/437277
http://www.securityfocus.com/archive/1/437571/100/0/threaded
Cert/CC Advisory: TA06-208A
http://www.us-cert.gov/cas/techalerts/TA06-208A.html
Cert/CC Advisory: TA07-072A
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Debian Security Information: DSA-1112 (Google Search)
http://www.debian.org/security/2006/dsa-1112
http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9516
http://secunia.com/advisories/19929
http://secunia.com/advisories/20832
http://secunia.com/advisories/20871
http://secunia.com/advisories/24479
https://usn.ubuntu.com/306-1/
http://www.vupen.com/english/advisories/2007/0930
XForce ISS Database: mysql-select-dos(27212)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27212
Common Vulnerability Exposure (CVE) ID: CVE-2006-4031
BugTraq ID: 19279
http://www.securityfocus.com/bid/19279
http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
http://bugs.mysql.com/bug.php?id=15195
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
http://www.redhat.com/support/errata/RHSA-2008-0768.html
http://securitytracker.com/id?1016617
http://secunia.com/advisories/21259
http://secunia.com/advisories/21382
http://secunia.com/advisories/21627
http://secunia.com/advisories/21685
http://secunia.com/advisories/21770
http://secunia.com/advisories/22080
http://secunia.com/advisories/31226
SuSE Security Announcement: SUSE-SR:2006:023 (Google Search)
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.ubuntu.com/usn/usn-338-1
http://www.vupen.com/english/advisories/2006/3079
Common Vulnerability Exposure (CVE) ID: CVE-2006-4226
BugTraq ID: 19559
http://www.securityfocus.com/bid/19559
Debian Security Information: DSA-1169 (Google Search)
http://www.debian.org/security/2006/dsa-1169
http://bugs.mysql.com/bug.php?id=17647
http://lists.mysql.com/commits/5927
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10729
http://www.redhat.com/support/errata/RHSA-2007-0152.html
http://securitytracker.com/id?1016710
http://secunia.com/advisories/21506
http://secunia.com/advisories/21762
http://secunia.com/advisories/24744
http://www.vupen.com/english/advisories/2006/3306
XForce ISS Database: mysql-case-privilege-escalation(28448)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28448
Common Vulnerability Exposure (CVE) ID: CVE-2006-4227
http://lists.mysql.com/commits/7918
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10105
http://securitytracker.com/id?1016709
XForce ISS Database: mysql-grant-execute-privilege-escalation(28442)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28442
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.