Test ID: 1.3.6.1.4.1.25623.1.0.50943
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2003:094
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2003:094.

MySQL is a multi-user, multi-threaded SQL database server.

A double-free vulnerability in mysqld, for MySQL before version 3.23.55,
allows attackers with MySQL access to cause a denial of service (crash) by
creating a carefully crafted client application.

A remote root exploit vulnerability in mysqld, for MySQL before version
3.23.56, allows MySQL users to gain root privileges by overwriting
configuration files.

Previous versions of the MySQL packages do not contain the thread safe
client library (libmysqlclient_r).

All users of MySQL are advised to upgrade to these errata packages
containing MySQL 3.23.56.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-094.html
http://www.mysql.com/doc/en/News-3.23.55.html
http://www.mysql.com/doc/en/News-3.23.56.html

Risk factor : Critical

CVSS Score: 9.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0073
BugTraq ID: 6718
http://www.securityfocus.com/bid/6718
Bugtraq: 20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)
http://marc.info/?l=bugtraq&m=104385719107879&w=2
Conectiva Linux advisory: CLA-2003:743
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
Debian Security Information: DSA-303
http://www.debian.org/security/2003/dsa-303
En Garde Linux Advisory: ESA-20030220-004
http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A436
http://www.redhat.com/support/errata/RHSA-2003-093.html
RedHat Security Advisories: RHSA-2003:094
http://www.redhat.com/support/errata/RHSA-2003-166.html
http://www.iss.net/security_center/static/11199.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0150
BugTraq ID: 7052
http://www.securityfocus.com/bid/7052
Bugtraq: 20030308 MySQL_user_can_be_changed_to_root?
http://marc.info/?l=bugtraq&m=104715840202315&w=2
Bugtraq: 20030310 Re: MySQL user can be changed to root
http://marc.info/?l=bugtraq&m=104739810523433&w=2
Bugtraq: 20030318 GLSA: mysql (200303-14)
http://marc.info/?l=bugtraq&m=104802285012750&w=2
Bugtraq: 20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)
http://marc.info/?l=bugtraq&m=104800948128630&w=2
CERT/CC vulnerability note: VU#203897
http://www.kb.cert.org/vuls/id/203897
En Garde Linux Advisory: ESA-20030324-012
http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442
http://rhn.redhat.com/errata/RHSA-2003-094.html
XForce ISS Database: mysql-datadir-root-privileges(11510)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11510
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.