Test ID:	1.3.6.1.4.1.25623.1.0.55952
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-180-2 (mysql-dfsg-4.1)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mysql-dfsg-4.1 announced via advisory USN-180-2. A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) The following packages are affected: mysql-server-4.1 USN-180-1 fixed a vulnerability in the mysql-server package (which ships version 4.0). Version 4.1 is vulnerable against the same flaw. Please note that this package is not officially supported in Ubuntu 5.10. Origial advisory: AppSecInc Team SHATTER discovered a buffer overflow in the CREATE FUNCTION statement. By specifying a specially crafted long function name, a local or remote attacker with function creation privileges could crash the server or execute arbitrary code with server privileges. However, the right to create function is usually not granted to untrusted users. Solution: The problem can be corrected by upgrading the affected package to version 4.1.12-1ubuntu3.1. In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-180-2 Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	BugTraq ID: 14509 Common Vulnerability Exposure (CVE) ID: CVE-2005-2558 http://www.securityfocus.com/bid/14509 Bugtraq: 20050808 [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions (Google Search) http://marc.info/?l=bugtraq&m=112354450412427&w=2 Debian Security Information: DSA-829 (Google Search) http://www.debian.org/security/2005/dsa-829 Debian Security Information: DSA-831 (Google Search) http://www.debian.org/security/2005/dsa-831 Debian Security Information: DSA-833 (Google Search) http://www.debian.org/security/2005/dsa-833 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00005.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html http://www.mandriva.com/security/advisories?name=MDKSA-2005:163 http://www.appsecinc.com/resources/alerts/mysql/2005-002.html SCO Security Bulletin: SCOSA-2006.18 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18.1/SCOSA-2006.18.1.txt http://secunia.com/advisories/17027 http://secunia.com/advisories/20381 http://secunia.com/advisories/29847 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1 SuSE Security Announcement: SUSE-SR:2005:021 (Google Search) http://www.novell.com/linux/security/advisories/2005_21_sr.html https://www.ubuntu.com/usn/usn-180-1/ https://www.ubuntu.com/usn/usn-180-2/ http://www.vupen.com/english/advisories/2008/1326/references XForce ISS Database: mysql-user-defined-function-bo(21737) https://exchange.xforce.ibmcloud.com/vulnerabilities/21737
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.