Test ID: | 1.3.6.1.4.1.25623.1.0.67418 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2010:0442 |
Summary: | NOSUMMARY |
Description: |
The remote host is missing updates announced in advisory RHSA-2010:0442.

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

A buffer overflow flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command (this command is sent when a client uses the MySQL mysql_list_fields() client library function). An authenticated database user could send a request with an excessively long table name to cause a temporary denial of service (mysqld crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-1850)

A directory traversal flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. An authenticated database user could use this flaw to obtain descriptions of the fields of an arbitrary table using a request with a specially-crafted table name. (CVE-2010-1848)

A flaw was discovered in the way MySQL handled symbolic links to tables created using the DATA DIRECTORY and INDEX DIRECTORY directives in CREATE TABLE statements. An attacker with CREATE and DROP table privileges, and shell access to the database server, could use this flaw to remove data and index files of tables created by other database users using the MyISAM storage engine. (CVE-2010-1626)

All MySQL users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

http://rhn.redhat.com/errata/RHSA-2010-0442.html
http://www.redhat.com/security/updates/classification/#important

Risk factor: High
CVSS Score: 6.5 |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1626
1024004 http://securitytracker.com/id?1024004
40257 http://www.securityfocus.com/bid/40257
ADV-2010-1194 http://www.vupen.com/english/advisories/2010/1194
MDVSA-2010:101 http://www.mandriva.com/security/advisories?name=MDVSA-2010:101
RHSA-2010:0442 http://www.redhat.com/support/errata/RHSA-2010-0442.html
SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SUSE-SR:2010:021 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
USN-1397-1 http://www.ubuntu.com/usn/USN-1397-1
[oss-security] 20100510 Re: A mysql flaw. http://www.openwall.com/lists/oss-security/2010/05/10/2
[oss-security] 20100518 Re: A mysql flaw. http://www.openwall.com/lists/oss-security/2010/05/18/4
http://bugs.mysql.com/bug.php?id=40980
oval:org.mitre.oval:def:9490 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490

Common Vulnerability Exposure (CVE) ID: CVE-2010-1848
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:107
http://lists.mysql.com/commits/107532
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7210
http://www.redhat.com/support/errata/RHSA-2010-0824.html
http://securitytracker.com/id?1024031
SuSE Security Announcement: SUSE-SR:2010:019
SuSE Security Announcement: SUSE-SR:2010:021

Common Vulnerability Exposure (CVE) ID: CVE-2010-1850
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6693
http://securitytracker.com/id?1024033 |
Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |