English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.122444
Category:Oracle Linux Local Security Checks
Title:Oracle: Security Advisory (ELSA-2009-1289)
Summary:The remote host is missing an update for the 'mysql' package(s) announced via the ELSA-2009-1289 advisory.
Description:Summary:
The remote host is missing an update for the 'mysql' package(s) announced via the ELSA-2009-1289 advisory.

Vulnerability Insight:
[5.0.77-3]
- Add fix for CVE-2009-2446 (format string vulnerability in COM_CREATE_DB and
COM_DROP_DB processing)
Resolves: #512200

[5.0.77-2]
- Back-port upstream fix for CVE-2008-4456 (mysql command line client XSS flaw)
Resolves: #502169

[5.0.77-1]
- Update to MySQL 5.0.77, for numerous fixes described at
[link moved to references]
including low-priority security issues CVE-2008-2079, CVE-2008-3963
Resolves: #448487, #448534, #452824, #453156, #455619, #456875
Resolves: #457218, #462534, #470036, #476896, #479615
- Improve mysql.init to pass configured datadir to mysql_install_db,
and to force user=mysql for both mysql_install_db and mysqld_safe.
Resolves: #450178
- Fix mysql.init to wait correctly when socket is not in default place
Resolves: #435494

Affected Software/OS:
'mysql' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2079
1019995
http://www.securitytracker.com/id?1019995
29106
http://www.securityfocus.com/bid/29106
30134
http://secunia.com/advisories/30134
31066
http://secunia.com/advisories/31066
31226
http://secunia.com/advisories/31226
31681
http://www.securityfocus.com/bid/31681
31687
http://secunia.com/advisories/31687
32222
http://secunia.com/advisories/32222
32769
http://secunia.com/advisories/32769
36566
http://secunia.com/advisories/36566
36701
http://secunia.com/advisories/36701
ADV-2008-1472
http://www.vupen.com/english/advisories/2008/1472/references
ADV-2008-2780
http://www.vupen.com/english/advisories/2008/2780
APPLE-SA-2008-10-09
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
APPLE-SA-2009-09-10-2
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
DSA-1608
http://www.debian.org/security/2008/dsa-1608
MDVSA-2008:149
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149
MDVSA-2008:150
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
RHSA-2008:0505
http://www.redhat.com/support/errata/RHSA-2008-0505.html
RHSA-2008:0510
http://www.redhat.com/support/errata/RHSA-2008-0510.html
RHSA-2008:0768
http://www.redhat.com/support/errata/RHSA-2008-0768.html
RHSA-2009:1289
http://www.redhat.com/support/errata/RHSA-2009-1289.html
SUSE-SR:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
USN-671-1
http://www.ubuntu.com/usn/USN-671-1
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3865
mysql-myisam-security-bypass(42267)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267
oval:org.mitre.oval:def:10133
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
Common Vulnerability Exposure (CVE) ID: CVE-2008-3963
Debian Security Information: DSA-1783 (Google Search)
http://www.debian.org/security/2009/dsa-1783
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/4
http://www.openwall.com/lists/oss-security/2008/09/09/7
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.securitytracker.com/id?1020858
http://secunia.com/advisories/31769
http://secunia.com/advisories/32759
http://secunia.com/advisories/34907
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2008/2554
XForce ISS Database: mysql-bitstring-dos(45042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45042
Common Vulnerability Exposure (CVE) ID: CVE-2008-4456
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 31486
http://www.securityfocus.com/bid/31486
Bugtraq: 20080930 MySQL command-line client HTML injection vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496842/100/0/threaded
Bugtraq: 20080930 RE: MySQL command-line client HTML injection vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496877/100/0/threaded
Bugtraq: 20081004 RE: RE: MySQL command-line client HTML injection vulnerability (Google Search)
http://seclists.org/bugtraq/2008/Oct/0026.html
Bugtraq: 20081029 Re: MySQL command-line client HTML injection vulnerability (Google Search)
http://www.securityfocus.com/archive/1/497158/100/0/threaded
http://www.securityfocus.com/archive/1/497885/100/0/threaded
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://secunia.com/advisories/32072
http://secunia.com/advisories/38517
http://securityreason.com/securityalert/4357
http://ubuntu.com/usn/usn-897-1
XForce ISS Database: mysql-commandline-xss(45590)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45590
Common Vulnerability Exposure (CVE) ID: CVE-2009-2446
BugTraq ID: 35609
http://www.securityfocus.com/bid/35609
Bugtraq: 20090708 MySQL <= 5.0.45 post auth format string vulnerability (Google Search)
http://www.securityfocus.com/archive/1/504799/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:179
http://www.osvdb.org/55734
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857
http://securitytracker.com/id?1022533
http://secunia.com/advisories/35767
http://www.vupen.com/english/advisories/2009/1857
XForce ISS Database: mysql-dispatchcommand-format-string(51614)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51614
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.