Test ID:	1.3.6.1.4.1.25623.1.0.51461
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:743
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2003:743. MySQL is a very popular SQL database, distributed under the GNU-GPL license. This update fixes three vulnerabilities in the versions of MySQL distributed with Conectiva Linux: 1. Double free vulnerability[1] in the mysql_change_user() function. An attacker with access to the MySQL server can exploit this vulnerability to at least cause a denial of service condition (crash the MySQL server process) by sending specially crafted data from a client application. 2. World writeable configuration files vulnerability[2]. An attacker with access to the MySQL server can create/overwrite a MySQL configuration file using a SELECT * INFO OUTFILE command. This can be exploited to, for example, cause MySQL to run as root upon restart. 3. Password handler buffer overflow vulnerability. Frank Denis reported[3] a buffer overflow vulnerability in the password handling functions of MySQL. An attacker with global administrative privileges on the MySQL server can exploit this vulnerability to execute arbitrary code with the privileges of the user the MySQL server process is running as. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2003-0073[4], CVE-2003-0150[5] and CVE-2003-0780[6] to these issues, respectively. This update brings the latest stable MySQL version available from the 3.23 serie (3.23.58). Besides the fix or the aforementioned vulnerabilities, this new version includes several other bugfixes and minor enhancements, which can be seen in the project changelogs[7]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.mysql.com/doc/en/News-3.23.55.html http://www.securityfocus.com/archive/1/314391 http://www.securityfocus.com/archive/1/337012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0780 http://www.mysql.com/doc/en/News-3.23.x.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:743 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Critical CVSS Score: 9.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0073 BugTraq ID: 6718 http://www.securityfocus.com/bid/6718 Bugtraq: 20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql) (Google Search) http://marc.info/?l=bugtraq&m=104385719107879&w=2 Conectiva Linux advisory: CLA-2003:743 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 Debian Security Information: DSA-303 (Google Search) http://www.debian.org/security/2003/dsa-303 En Garde Linux Advisory: ESA-20030220-004 http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A436 http://www.redhat.com/support/errata/RHSA-2003-093.html RedHat Security Advisories: RHSA-2003:094 http://www.redhat.com/support/errata/RHSA-2003-166.html http://www.iss.net/security_center/static/11199.php Common Vulnerability Exposure (CVE) ID: CVE-2003-0150 BugTraq ID: 7052 http://www.securityfocus.com/bid/7052 Bugtraq: 20030308 MySQL_user_can_be_changed_to_root? (Google Search) http://marc.info/?l=bugtraq&m=104715840202315&w=2 Bugtraq: 20030310 Re: MySQL user can be changed to root (Google Search) http://marc.info/?l=bugtraq&m=104739810523433&w=2 Bugtraq: 20030318 GLSA: mysql (200303-14) (Google Search) http://marc.info/?l=bugtraq&m=104802285012750&w=2 Bugtraq: 20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql) (Google Search) http://marc.info/?l=bugtraq&m=104800948128630&w=2 CERT/CC vulnerability note: VU#203897 http://www.kb.cert.org/vuls/id/203897 En Garde Linux Advisory: ESA-20030324-012 http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442 http://rhn.redhat.com/errata/RHSA-2003-094.html XForce ISS Database: mysql-datadir-root-privileges(11510) https://exchange.xforce.ibmcloud.com/vulnerabilities/11510 Common Vulnerability Exposure (CVE) ID: CVE-2003-0780 Bugtraq: 20030910 Buffer overflow in MySQL (Google Search) http://www.securityfocus.com/archive/1/337012 Bugtraq: 20030913 exploit for mysql -- [get_salt_from_password] problem (Google Search) http://marc.info/?l=bugtraq&m=106364207129993&w=2 CERT/CC vulnerability note: VU#516492 http://www.kb.cert.org/vuls/id/516492 Debian Security Information: DSA-381 (Google Search) http://www.debian.org/security/2003/dsa-381 En Garde Linux Advisory: ESA-20030918-025 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009819.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:094 http://www.redhat.com/support/errata/RHSA-2003-281.html http://www.redhat.com/support/errata/RHSA-2003-282.html http://secunia.com/advisories/9709 http://marc.info/?l=bugtraq&m=106381424420775&w=2
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.