Test ID: 1.3.6.1.4.1.25623.1.0.54299
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2004-0054 (Multiple packages)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory TSLSA-2004-0054.


libtiff:
Chris Evans and Dmitry V. Levin
discovered some security holes in libtiff.

CVE-2004-0803
Chris Evans discovered several problems in the RLE (run length
encoding) decoders that could lead to arbitrary code execution.

CVE-2004-0886
Dmitry V. Levin discovered several integer overflows that caused
malloc issues which can result in either a plain crash or memory
corruption.


mysql:
Martin Schulze pointed to several issues that
had been fixed in the upstream mysql source.

CVE-2004-0835
Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks
CREATE/INSERT rights of the old table instead of the new one.

CVE-2004-0836
Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect
function.

CVE-2004-0837
Dean Ellis noticed that multiple threads ALTERing the same (or
different) MERGE tables to change the UNION can cause the server
to crash or stall.

Issues with no CVE number:

Crash with MATCH..AGAINST (denial of service)
http://bugs.mysql.com/bug.php?id=3870

Privilege Escalation on GRANT ALL ON `Foo\_Bar`
Changelog:
Fixed bug in privilege checking where, under some conditions, one
was able to grant privileges on the database he has no privileges on.

http://bugs.mysql.com/bug.php?id=3933
http://mysql.bkbits.net:8080/mysql-4.0/patch@1.1844.5.1


squid:
iDefense reported that remote exploitation of a design error in the
SNMP module of Squid Web Proxy Cache may lead to a denial of service.
For a thorough description, see iDEFENSE Security Advisory 10.11.04:
http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities


cyrus-sasl:
A packaging bug in our cyrus-sasl package failed to properly mark
/etc/sysconfig/saslauthd as a config file. This caused the file to be
replaced on package upgrades.

People upgrading this package should back up this file before upgrading:
# cp /etc/sysconfig/saslauthd /etc/sysconfig/saslauthd.bak
# swup --upgrade
# mv /etc/sysconfig/saslauthd.bak /etc/sysconfig/saslauthd



Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2004-0054

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0803
BugTraq ID: 11406
http://www.securityfocus.com/bid/11406
Bugtraq: 20041013 CESA-2004-006: libtiff
http://marc.info/?l=bugtraq&m=109778785107450&w=2
CERT/CC vulnerability note: VU#948752
http://www.kb.cert.org/vuls/id/948752
Conectiva Linux advisory: CLA-2004:888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Debian Security Information: DSA-567
http://www.debian.org/security/2004/dsa-567
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://scary.beasts.org/security/CESA-2004-006.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896
http://www.redhat.com/support/errata/RHSA-2004-577.html
http://www.redhat.com/support/errata/RHSA-2005-021.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://secunia.com/advisories/12818
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
SuSE Security Announcement: SUSE-SA:2004:038
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
XForce ISS Database: libtiff-library-decoding-bo(17703)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17703
Common Vulnerability Exposure (CVE) ID: CVE-2004-0886
CERT/CC vulnerability note: VU#687568
http://www.kb.cert.org/vuls/id/687568
Computer Incident Advisory Center Bulletin: P-015
http://www.ciac.org/ciac/bulletins/p-015.shtml
http://marc.info/?l=bugtraq&m=109779465621929&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907
http://securitytracker.com/id?1011674
http://www.trustix.org/errata/2004/0054/
XForce ISS Database: libtiff-bo(17715)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17715
Common Vulnerability Exposure (CVE) ID: CVE-2004-0835
BugTraq ID: 11357
http://www.securityfocus.com/bid/11357
Computer Incident Advisory Center Bulletin: P-018
http://www.ciac.org/ciac/bulletins/p-018.shtml
Conectiva Linux advisory: CLA-2004:892
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
Debian Security Information: DSA-562
http://www.debian.org/security/2004/dsa-562
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
http://bugs.mysql.com/bug.php?id=3270
http://lists.mysql.com/internals/13073
http://www.redhat.com/support/errata/RHSA-2004-597.html
http://www.redhat.com/support/errata/RHSA-2004-611.html
http://securitytracker.com/id?1011606
http://secunia.com/advisories/12783/
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
XForce ISS Database: mysql-alter-restriction-bypass(17666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17666
Common Vulnerability Exposure (CVE) ID: CVE-2004-0836
BugTraq ID: 10981
http://www.securityfocus.com/bid/10981
Bugtraq: 20041125 [USN-32-1] mysql vulnerabilities
http://marc.info/?l=bugtraq&m=110140517515735&w=2
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
http://secunia.com/advisories/12305/
XForce ISS Database: mysql-realconnect-bo(17047)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17047
Common Vulnerability Exposure (CVE) ID: CVE-2004-0837
http://bugs.mysql.com/2408
http://lists.mysql.com/internals/16168
http://lists.mysql.com/internals/16173
http://lists.mysql.com/internals/16174
http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15
XForce ISS Database: mysql-union-dos(17667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17667
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
