
Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0031
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2018-0031)
Summary: The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0031 advisory.
Description:
Summary:
The remote host is missing an update for the 'perl-DBD-mysql' package(s) announced via the MGASA-2018-0031 advisory.

Vulnerability Insight:
Pali Rohar discovered that DBD::mysql constructed an error message in a
fixed-length buffer, leading to a crash (_FORTIFY_SOURCE failure) and,
potentially, to denial of service (CVE-2016-1246).

A vulnerability was discovered in perl-DBD-MySQL that can lead to an
out-of-bounds read when using server side prepared statements with an
unaligned number of placeholders in WHERE condition and output fields in
SELECT expression (CVE-2016-1249).

There is a vulnerability of type use-after-free affecting DBD::mysql
before 4.041 when used with mysql_server_prepare=1 (CVE-2016-1251).

The DBD::mysql module through 4.043 for Perl allows remote attackers to
cause a denial of service (use-after-free and application crash) or
possibly have unspecified other impact by triggering (1) certain error
responses from a MySQL server or (2) a loss of a network connection to a
MySQL server. The use-after-free defect was introduced by relying on
incorrect Oracle mysql_stmt_close documentation and code examples
(CVE-2017-10788).

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting
to mean that SSL is optional (even though this setting's documentation has
a 'your communication with the server will be encrypted' statement), which
allows man-in-the-middle attackers to spoof servers via a
cleartext-downgrade attack (CVE-2017-10789).

Note that the CVE-2016-1246, CVE-2016-1249, and CVE-2016-1251 issues only
affected Mageia 5.

Also note that server-side prepared statements are disabled by default.

Affected Software/OS:
'perl-DBD-mysql' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2016-1246
BugTraq ID: 93337
http://www.securityfocus.com/bid/93337
Debian Security Information: DSA-3684
http://www.debian.org/security/2016/dsa-3684
https://security.gentoo.org/glsa/201701-51
Common Vulnerability Exposure (CVE) ID: CVE-2016-1249
BugTraq ID: 94350
http://www.securityfocus.com/bid/94350
http://www.openwall.com/lists/oss-security/2016/11/16/1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1251
BugTraq ID: 94573
http://www.securityfocus.com/bid/94573
Common Vulnerability Exposure (CVE) ID: CVE-2017-10788
BugTraq ID: 99374
http://www.securityfocus.com/bid/99374
http://seclists.org/oss-sec/2017/q2/443
https://github.com/perl5-dbi/DBD-mysql/issues/120
Common Vulnerability Exposure (CVE) ID: CVE-2017-10789
BugTraq ID: 99364
http://www.securityfocus.com/bid/99364
https://github.com/perl5-dbi/DBD-mysql/issues/110
https://github.com/perl5-dbi/DBD-mysql/issues/140
https://github.com/perl5-dbi/DBD-mysql/pull/114
Copyright: Copyright (C) 2022 Greenbone AG
