Test ID: 1.3.6.1.4.1.25623.1.0.63872
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2009:094 (mysql)
Summary: Mandrake Security Advisory MDVSA-2009:094 (mysql)
Description: The remote host is missing an update to mysql
announced via advisory MDVSA-2009:094.

Multiple vulnerabilities have been found and corrected in mysql:

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6
does not properly handle a b'' (b single-quote single-quote) token,
aka an empty bit-string literal, which allows remote attackers to
cause a denial of service (daemon crash) by using this token in a
SQL statement (CVE-2008-3963).
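The crash trigger for CVE-2008-3963 is a single token, so a naive grep for b'' over the general query log also matches the perfectly ordinary string literal 'b''' (a quote escaped by doubling). The scanner below, an added example that is neither MySQL code nor part of the advisory, walks each statement and reports the empty bit-string literal only when it appears outside string literals, backtick identifiers and comments, then runs over a handful of constructed general-log lines. The log layout is approximated and the names has_empty_bit_literal and find_probe_lines are assumptions.

```python
import re
from typing import List

# Constructed sample, loosely in the layout of a MySQL general query log.
# Only lines 1 and 3 carry a real empty bit-string literal.
GENERAL_LOG_SAMPLE = [
    "090420 10:01:02   12 Query  SELECT id, name FROM users WHERE name = 'b'''",
    "090420 10:01:05   12 Query  SELECT b''",
    "090420 10:01:09   13 Query  INSERT INTO t VALUES (b'0101', 'ok')",
    "090420 10:01:11   14 Query  SELECT * FROM t WHERE flags = B'' -- probe",
    "090420 10:01:12   14 Query  /* b'' */ SELECT 1",
]

_QUERY_RE = re.compile(r"\bQuery\s+(.*)$")


def has_empty_bit_literal(sql: str) -> bool:
    """True if `sql` contains the token b'' (or B'') outside of quoted
    strings, backtick-quoted identifiers and comments."""
    i, n = 0, len(sql)
    while i < n:
        c = sql[i]
        if c in ("'", '"', "`"):
            # Skip a quoted literal/identifier. A doubled quote character is an
            # escape; backslash escapes apply inside ' and " but not inside `.
            q = c
            i += 1
            while i < n:
                if sql[i] == "\\" and q != "`":
                    i += 2
                    continue
                if sql[i] == q:
                    if i + 1 < n and sql[i + 1] == q:
                        i += 2
                        continue
                    break
                i += 1
            i += 1
            continue
        # "-- " (dash dash followed by whitespace or end) and "#" run to end of line;
        # a bare "--" with no following space is arithmetic in MySQL, not a comment.
        if c == "#" or (sql.startswith("--", i) and (i + 2 >= n or sql[i + 2].isspace())):
            nl = sql.find("\n", i)
            i = n if nl == -1 else nl + 1
            continue
        if sql.startswith("/*", i):
            end = sql.find("*/", i + 2)
            i = n if end == -1 else end + 2
            continue
        if c in "bB" and sql.startswith("''", i + 1):
            # Must be a standalone token, not the tail of an identifier like xb''.
            prev = sql[i - 1] if i > 0 else ""
            if not (prev.isalnum() or prev == "_"):
                return True
        i += 1
    return False


def find_probe_lines(log_lines: List[str]) -> List[int]:
    """Return the indexes of log lines whose statement carries b''."""
    hits = []
    for idx, line in enumerate(log_lines):
        m = _QUERY_RE.search(line)
        if m and has_empty_bit_literal(m.group(1)):
            hits.append(idx)
    return hits


if __name__ == "__main__":
    for idx in find_probe_lines(GENERAL_LOG_SAMPLE):
        print("possible CVE-2008-3963 probe:", GENERAL_LOG_SAMPLE[idx])
```

The scanner is deliberately tolerant of what it does not understand (unterminated quotes simply end the statement), because its job is to cut false positives from quoted text rather than to be a full MySQL lexer; treat a hit as a reason to look at the connection, not as proof of an attack.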

MySQL 5.0.51a allows local users to bypass certain privilege checks by
calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY
or (2) INDEX DIRECTORY arguments that are associated with symlinks
within pathnames for subdirectories of the MySQL home data directory,
which are followed when tables are created in the future. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2008-2079
(CVE-2008-4097).

MySQL before 5.0.67 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally
associated with pathnames without symlinks, and that can point to
tables created at a future time at which a pathname is modified
to contain a symlink to a subdirectory of the MySQL home data
directory. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2008-4097 (CVE-2008-4098).

Cross-site scripting (XSS) vulnerability in the command-line client
in MySQL 5.0.26 through 5.0.45, when the --html option is enabled,
allows attackers to inject arbitrary web script or HTML by placing
it in a database cell, which might be accessed by this client when
composing an HTML document (CVE-2008-4456).
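The four descriptions above each give an upstream version range, and the first question during triage is which of them apply to a given server. The following triage helper is an added example, not code from the advisory, MySQL or Mandriva: it transcribes those ranges, pulls an x.y.z version out of the text returned by mysqld --version, mysql --version or SELECT VERSION(), and lists the CVEs that version falls into. One assumption is made explicit in the code: CVE-2008-4097 is described only for 5.0.51a, but since CVE-2008-4098 is an incomplete fix of it, both are treated as present in anything before 5.0.67. The sample version strings are constructed, and the function names are assumptions.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]
Range = Tuple[Version, Version]  # [lower inclusive, upper exclusive)

# Upstream ranges transcribed from the CVE descriptions in the advisory.
# Assumption: CVE-2008-4097 is treated like CVE-2008-4098 (anything before
# 5.0.67), since 4098 is described as the incomplete fix of 4097.
AFFECTED: Dict[str, List[Range]] = {
    "CVE-2008-3963": [((5, 0, 0), (5, 0, 66)),
                      ((5, 1, 0), (5, 1, 26)),
                      ((6, 0, 0), (6, 0, 6))],
    "CVE-2008-4097": [((0, 0, 0), (5, 0, 67))],
    "CVE-2008-4098": [((0, 0, 0), (5, 0, 67))],
    "CVE-2008-4456": [((5, 0, 26), (5, 0, 46))],  # "5.0.26 through 5.0.45"
}

# Three numeric components with an optional packaging letter (5.0.51a).
_VER_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)[a-z]?")


def parse_version(text: str) -> Version:
    """Return the first x.y.z version found in `text`. Two-component numbers
    such as the client's own "Ver 14.12" are skipped, and a trailing letter
    (5.0.51a) is ignored for ordering."""
    m = _VER_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def affected_cves(text: str) -> List[str]:
    """CVE IDs from this advisory whose upstream range contains the version in `text`."""
    v = parse_version(text)
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= v < hi for lo, hi in ranges))


if __name__ == "__main__":
    # Constructed samples in the shape of `mysql --version` and SELECT VERSION() output.
    for sample in ("mysql  Ver 14.12 Distrib 5.0.51a, for mandriva-linux-gnu (i586)",
                   "5.0.77-log",
                   "5.1.25"):
        print(sample, "->", affected_cves(sample) or "not in any listed range")
```

This is a version-string check only, so it has the usual blind spot with distribution packages: the 2008.1 and Corporate 4 packages in this advisory are patched without an upstream version bump, so a patched 2008.1 mysql will still report 5.0.51a and be flagged. On a Mandriva host the authoritative check is the installed package release (rpm -q mysql) against the advisory, with this helper used to decide which CVEs are worth chasing on hosts where only the banner is known.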

Bugs in the Mandriva Linux 2008.1 packages that have been fixed:

o upstream fix for mysql bug35754 (#38398, #44691)
o fix #46116 (initialization file mysqld-max doesn't show correct
application status)
o fix upstream bug 42366

Bugs in the Mandriva Linux 2009.0 packages that have been fixed:

o upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097,
CVE-2008-4098)
o no need to workaround #38398, #44691 anymore (since 5.0.75)
o fix upstream bug 42366
o fix #46116 (initialization file mysqld-max doesn't show correct
application status)
o sphinx-0.9.8.1

Bugs in the Mandriva Linux Corporate Server 4 packages that have
been fixed:
o fix upstream bug 42366
o fix #46116 (initialization file mysqld-max doesn't show correct
application status)

The updated packages have been patched to correct these issues.

Affected: 2008.1, 2009.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:094
Cross-Reference: Common Vulnerabilities and Exposures (CVE) ID: CVE-2008-3963
http://www.openwall.com/lists/oss-security/2008/09/09/4
http://www.openwall.com/lists/oss-security/2008/09/09/7
Debian Security Information: DSA-1783
http://www.debian.org/security/2009/dsa-1783
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2009-1289.html
SuSE Security Announcement: SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://www.ubuntu.com/usn/USN-671-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521
http://secunia.com/advisories/34907
http://secunia.com/advisories/32769
http://secunia.com/advisories/36566
http://www.vupen.com/english/advisories/2008/2554
http://www.securitytracker.com/id?1020858
http://secunia.com/advisories/31769
http://secunia.com/advisories/32759
XForce ISS Database: mysql-bitstring-dos(45042)
http://xforce.iss.net/xforce/xfdb/45042
Common Vulnerabilities and Exposures (CVE) ID: CVE-2008-2079
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Debian Security Information: DSA-1608
http://www.debian.org/security/2008/dsa-1608
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://www.redhat.com/support/errata/RHSA-2008-0510.html
http://www.redhat.com/support/errata/RHSA-2008-0768.html
SuSE Security Announcement: SUSE-SR:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
BugTraq ID: 29106
http://www.securityfocus.com/bid/29106
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10133
http://secunia.com/advisories/36701
http://www.vupen.com/english/advisories/2008/1472/references
http://www.vupen.com/english/advisories/2008/2780
http://www.securitytracker.com/id?1019995
http://secunia.com/advisories/30134
http://secunia.com/advisories/31066
http://secunia.com/advisories/31226
http://secunia.com/advisories/31687
http://secunia.com/advisories/32222
XForce ISS Database: mysql-myisam-security-bypass(42267)
http://xforce.iss.net/xforce/xfdb/42267
Common Vulnerabilities and Exposures (CVE) ID: CVE-2008-4097
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
XForce ISS Database: mysql-myisam-symlinks-security-bypass(45648)
http://xforce.iss.net/xforce/xfdb/45648
Common Vulnerabilities and Exposures (CVE) ID: CVE-2008-4098
Debian Security Information: DSA-1662
http://www.debian.org/security/2008/dsa-1662
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://ubuntu.com/usn/usn-897-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10591
http://secunia.com/advisories/38517
http://secunia.com/advisories/32578
XForce ISS Database: mysql-myisam-symlink-security-bypass(45649)
http://xforce.iss.net/xforce/xfdb/45649
Common Vulnerabilities and Exposures (CVE) ID: CVE-2008-4456
Bugtraq: 20080930 MySQL command-line client HTML injection vulnerability
http://www.securityfocus.com/archive/1/archive/1/496842/100/0/threaded
Bugtraq: 20080930 RE: MySQL command-line client HTML injection vulnerability
http://www.securityfocus.com/archive/1/archive/1/496877/100/0/threaded
Bugtraq: 20081004 RE: RE: MySQL command-line client HTML injection vulnerability
http://seclists.org/bugtraq/2008/Oct/0026.html
Bugtraq: 20081029 Re: MySQL command-line client HTML injection vulnerability
http://www.securityfocus.com/archive/1/archive/1/497158/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/497885/100/0/threaded
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 31486
http://www.securityfocus.com/bid/31486
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11456
http://secunia.com/advisories/32072
http://securityreason.com/securityalert/4357
XForce ISS Database: mysql-commandline-xss(45590)
http://xforce.iss.net/xforce/xfdb/45590
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.