ID de Prueba:	1.3.6.1.4.1.25623.1.0.62873
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0894
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0894. On the 23rd August 2007, Red Hat Application Stack v1.2 was released. This release contained a new version of MySQL that corrected several security issues found in the MySQL packages of Red Hat Application Stack v1.1. Users who have already updated to Red Hat Application Stack v1.2 will already have the new MySQL packages and are not affected by these issues. A flaw was discovered in MySQL's authentication protocol. A remote unauthenticated attacker could send a specially crafted authentication request to the MySQL server causing it to crash. (CVE-2007-3780) MySQL did not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement. A remote authenticated user could obtain sensitive information such as the table structure. (CVE-2007-3781) A flaw was discovered in MySQL that allowed remote authenticated users to gain update privileges for a table in another database via a view that refers to the external table (CVE-2007-3782). A flaw was discovered in the mysql_change_db function when returning from SQL SECURITY INVOKER stored routines. A remote authenticated user could use this flaw to gain database privileges. (CVE-2007-2692) MySQL did not require the DROP privilege for RENAME TABLE statements. A remote authenticated users could use this flaw to rename arbitrary tables. (CVE-2007-2691) Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0894.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 6.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2691 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 24016 http://www.securityfocus.com/bid/24016 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server (Google Search) http://www.securityfocus.com/archive/1/473874/100/0/threaded Debian Security Information: DSA-1413 (Google Search) http://www.debian.org/security/2007/dsa-1413 http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 http://bugs.mysql.com/bug.php?id=27515 http://lists.mysql.com/announce/470 http://osvdb.org/34766 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 http://www.redhat.com/support/errata/RHSA-2007-0894.html http://www.redhat.com/support/errata/RHSA-2008-0364.html http://www.redhat.com/support/errata/RHSA-2008-0768.html http://www.securitytracker.com/id?1018069 http://secunia.com/advisories/25301 http://secunia.com/advisories/25946 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/27155 http://secunia.com/advisories/27823 http://secunia.com/advisories/28838 http://secunia.com/advisories/30351 http://secunia.com/advisories/31226 http://secunia.com/advisories/32222 SuSE Security Announcement: SUSE-SR:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html https://usn.ubuntu.com/528-1/ http://www.vupen.com/english/advisories/2007/1804 http://www.vupen.com/english/advisories/2008/2780 XForce ISS Database: mysql-renametable-weak-security(34347) https://exchange.xforce.ibmcloud.com/vulnerabilities/34347 Common Vulnerability Exposure (CVE) ID: CVE-2007-2692 BugTraq ID: 24011 http://www.securityfocus.com/bid/24011 http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 http://bugs.mysql.com/bug.php?id=27337 http://osvdb.org/34765 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 http://www.securitytracker.com/id?1018070 http://secunia.com/advisories/28637 http://secunia.com/advisories/29443 http://www.ubuntu.com/usn/usn-588-1 XForce ISS Database: mysql-changedb-privilege-escalation(34348) https://exchange.xforce.ibmcloud.com/vulnerabilities/34348 Common Vulnerability Exposure (CVE) ID: CVE-2007-3780 BugTraq ID: 25017 http://www.securityfocus.com/bid/25017 http://security.gentoo.org/glsa/glsa-200708-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 http://bugs.mysql.com/bug.php?id=28984 http://osvdb.org/36732 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11058 http://www.redhat.com/support/errata/RHSA-2007-0875.html http://www.securitytracker.com/id?1018629 http://secunia.com/advisories/26498 http://secunia.com/advisories/26621 http://secunia.com/advisories/26710 http://secunia.com/advisories/26987 SuSE Security Announcement: SUSE-SR:2007:019 (Google Search) http://www.novell.com/linux/security/advisories/2007_19_sr.html http://www.vupen.com/english/advisories/2008/1000/references Common Vulnerability Exposure (CVE) ID: CVE-2007-3781 Debian Security Information: DSA-1451 (Google Search) http://www.debian.org/security/2008/dsa-1451 http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 http://bugs.mysql.com/bug.php?id=25578 http://osvdb.org/37783 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195 http://secunia.com/advisories/28040 http://secunia.com/advisories/28108 http://secunia.com/advisories/28128 http://secunia.com/advisories/28343 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 https://usn.ubuntu.com/559-1/ Common Vulnerability Exposure (CVE) ID: CVE-2007-3782 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10563 http://securitytracker.com/id?1018663
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.