
Test ID: 1.3.6.1.4.1.25623.1.0.58435
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2007:139 (MySQL)
Summary: NOSUMMARY
Description:

The remote host is missing an update to MySQL
announced via advisory MDKSA-2007:139.

MySQL 5.x before 5.0.36 allows local users to cause a denial of service
(database crash) by performing information_schema table subselects
and using ORDER BY to sort a single-row result, which prevents
certain structure elements from being initialized and triggers a
NULL dereference in the filesort function. This issue does not affect
MySQL 5.0.37 in Mandriva Linux 2007.1. (CVE-2007-1420)

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40,
and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause
a denial of service (crash) via a crafted IF clause that results in
a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18
does not require the DROP privilege for RENAME TABLE statements,
which allows remote authenticated users to rename arbitrary
tables. (CVE-2007-2691)

Updated packages have been patched to prevent the above issues.

Affected: 2007.0, 2007.1, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:139

Risk factor : Medium

CVSS Score: 4.9

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-1420
BugTraq ID: 22900
http://www.securityfocus.com/bid/22900
Bugtraq: 20070309 SEC Consult SA-20070309-0 :: MySQL 5 Single Row Subselect Denial of Service
http://www.securityfocus.com/archive/1/462339/100/0/threaded
http://security.gentoo.org/glsa/glsa-200705-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139
http://www.sec-consult.com/284.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9530
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.securitytracker.com/id?1017746
http://secunia.com/advisories/24483
http://secunia.com/advisories/24609
http://secunia.com/advisories/25196
http://secunia.com/advisories/25389
http://secunia.com/advisories/25946
http://secunia.com/advisories/30351
http://securityreason.com/securityalert/2413
http://www.ubuntu.com/usn/usn-440-1
http://www.vupen.com/english/advisories/2007/0908
Common Vulnerability Exposure (CVE) ID: CVE-2007-2583
BugTraq ID: 23911
http://www.securityfocus.com/bid/23911
Debian Security Information: DSA-1413
http://www.debian.org/security/2007/dsa-1413
http://www.exploit-db.com/exploits/30020
http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html
http://www.osvdb.org/34734
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9930
http://secunia.com/advisories/25188
http://secunia.com/advisories/25255
http://secunia.com/advisories/27155
http://secunia.com/advisories/27823
http://secunia.com/advisories/28838
SuSE Security Announcement: SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.trustix.org/errata/2007/0017/
https://usn.ubuntu.com/528-1/
http://www.vupen.com/english/advisories/2007/1731
XForce ISS Database: mysql-if-dos(34232)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34232
Common Vulnerability Exposure (CVE) ID: CVE-2007-2691
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BugTraq ID: 24016
http://www.securityfocus.com/bid/24016
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server
http://www.securityfocus.com/archive/1/473874/100/0/threaded
http://bugs.mysql.com/bug.php?id=27515
http://lists.mysql.com/announce/470
http://osvdb.org/34766
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559
http://www.redhat.com/support/errata/RHSA-2007-0894.html
http://www.redhat.com/support/errata/RHSA-2008-0768.html
http://www.securitytracker.com/id?1018069
http://secunia.com/advisories/25301
http://secunia.com/advisories/26073
http://secunia.com/advisories/26430
http://secunia.com/advisories/31226
http://secunia.com/advisories/32222
http://www.vupen.com/english/advisories/2007/1804
http://www.vupen.com/english/advisories/2008/2780
XForce ISS Database: mysql-renametable-weak-security(34347)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34347
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.