English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60260
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDVSA-2008:028 (mysql)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to mysql
announced via advisory MDVSA-2008:028.

The mysql_change_db() function in MySQL 5.0.x before 5.0.40 did not
restore THD::db_access privileges when returning from SQL SECURITY
INVOKER stored routines, which allowed remote authenticated users to
gain privileges (CVE-2007-2692).

The federated engine in MySQL 5.0.x, when performing a certain SHOW
TABLE STATUS query, did not properly handle a response with a small
number of columns, which could allow a remote MySQL server to cause
a denial of service (federated handler crash and daemon crash)
via a response that lacks the minimum required number of columns
(CVE-2007-6304).

The updated packages provide MySQL 5.0.45 for all Mandriva Linux
platforms that shipped with MySQL 5.0.x which offers a number of
feature enhancements and bug fixes. In addition, the updates for
Corporate Server 4.0 include support for the Sphinx engine.

Please note that due to the package name change (from 'MySQL' to
'mysql'), the mysqld service will not restart automatically so users
must execute 'service mysqld start' after the upgrade is complete.

Affected: 2007.0, 2007.1, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:028

Risk factor : High

CVSS Score:
6.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2692
BugTraq ID: 24011
http://www.securityfocus.com/bid/24011
Bugtraq: 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server (Google Search)
http://www.securityfocus.com/archive/1/473874/100/0/threaded
Debian Security Information: DSA-1413 (Google Search)
http://www.debian.org/security/2007/dsa-1413
http://www.mandriva.com/security/advisories?name=MDVSA-2008:028
http://bugs.mysql.com/bug.php?id=27337
http://lists.mysql.com/announce/470
http://osvdb.org/34765
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166
http://www.redhat.com/support/errata/RHSA-2007-0894.html
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.securitytracker.com/id?1018070
http://secunia.com/advisories/25301
http://secunia.com/advisories/26073
http://secunia.com/advisories/26430
http://secunia.com/advisories/27823
http://secunia.com/advisories/28637
http://secunia.com/advisories/28838
http://secunia.com/advisories/29443
http://secunia.com/advisories/30351
SuSE Security Announcement: SUSE-SR:2008:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.ubuntu.com/usn/usn-588-1
http://www.vupen.com/english/advisories/2007/1804
XForce ISS Database: mysql-changedb-privilege-escalation(34348)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34348
Common Vulnerability Exposure (CVE) ID: CVE-2007-6304
BugTraq ID: 26832
http://www.securityfocus.com/bid/26832
Bugtraq: 20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server (Google Search)
http://www.securityfocus.com/archive/1/487606/100/0/threaded
Debian Security Information: DSA-1451 (Google Search)
http://www.debian.org/security/2008/dsa-1451
http://security.gentoo.org/glsa/glsa-200804-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:017
http://osvdb.org/42609
http://securitytracker.com/id?1019085
http://secunia.com/advisories/28063
http://secunia.com/advisories/28128
http://secunia.com/advisories/28343
http://secunia.com/advisories/28739
http://secunia.com/advisories/29706
https://usn.ubuntu.com/559-1/
http://www.vupen.com/english/advisories/2007/4198
XForce ISS Database: mysql-federated-engine-dos(38990)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38990
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.