Test ID:	1.3.6.1.4.1.25623.1.0.53251
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-562-2)
Summary:	The remote host is missing an update for the Debian 'mysql' package(s) announced via the DSA-562-2 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'mysql' package(s) announced via the DSA-562-2 advisory. Vulnerability Insight: Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers. The following problems have been identified by the Common Vulnerabilities and Exposures Project: CAN-2004-0835 Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one. CAN-2004-0836 Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect function. CAN-2004-0837 Dean Ellis noticed that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall. For the stable distribution (woody) these problems have been fixed in version 3.23.49-8.8. For the unstable distribution (sid) these problems have been fixed in version 4.0.21-1. We recommend that you upgrade your mysql and related packages and restart services linking against them (e.g. Apache/PHP). Affected Software/OS: 'mysql' package(s) on Debian 3.0. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0835 BugTraq ID: 11357 http://www.securityfocus.com/bid/11357 Computer Incident Advisory Center Bulletin: P-018 http://www.ciac.org/ciac/bulletins/p-018.shtml Conectiva Linux advisory: CLA-2004:892 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 Debian Security Information: DSA-562 (Google Search) http://www.debian.org/security/2004/dsa-562 http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml http://bugs.mysql.com/bug.php?id=3270 http://lists.mysql.com/internals/13073 http://www.redhat.com/support/errata/RHSA-2004-597.html http://www.redhat.com/support/errata/RHSA-2004-611.html http://securitytracker.com/id?1011606 http://secunia.com/advisories/12783/ http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.trustix.org/errata/2004/0054/ XForce ISS Database: mysql-alter-restriction-bypass(17666) https://exchange.xforce.ibmcloud.com/vulnerabilities/17666 Common Vulnerability Exposure (CVE) ID: CVE-2004-0836 BugTraq ID: 10981 http://www.securityfocus.com/bid/10981 Bugtraq: 20041125 [USN-32-1] mysql vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110140517515735&w=2 http://bugs.mysql.com/bug.php?id=4017 http://lists.mysql.com/internals/14726 http://secunia.com/advisories/12305/ XForce ISS Database: mysql-realconnect-bo(17047) https://exchange.xforce.ibmcloud.com/vulnerabilities/17047 Common Vulnerability Exposure (CVE) ID: CVE-2004-0837 http://bugs.mysql.com/2408 http://lists.mysql.com/internals/16168 http://lists.mysql.com/internals/16173 http://lists.mysql.com/internals/16174 http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15 XForce ISS Database: mysql-union-dos(17667) https://exchange.xforce.ibmcloud.com/vulnerabilities/17667
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.