Test ID:	1.3.6.1.4.1.25623.1.0.52072
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2005:070 (MySQL)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to MySQL announced via advisory MDKSA-2005:070. A vulnerability in MySQL would allow a user with grant privileges to a database with a name containing an underscore character (_) to have the ability to grant privileges to other databases with similar names. This problem was previously discovered and fixed, but a new case where the problem still existed was recently discovered. The updated packages have been patched to correct this issue. Affected versions: 10.0, 10.1, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:070 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0957 Computer Incident Advisory Center Bulletin: P-018 http://www.ciac.org/ciac/bulletins/p-018.shtml Conectiva Linux advisory: CLA-2005:947 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 Debian Security Information: DSA-707 (Google Search) http://www.debian.org/security/2005/dsa-707 http://www.mandriva.com/security/advisories?name=MDKSA-2005:070 http://www.redhat.com/support/errata/RHSA-2004-597.html http://www.redhat.com/support/errata/RHSA-2004-611.html https://www.ubuntu.com/usn/usn-32-1/ XForce ISS Database: mysql-underscore-gain-priv(17783) https://exchange.xforce.ibmcloud.com/vulnerabilities/17783
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.