Test ID:	1.3.6.1.4.1.25623.1.0.56101
Category:	Fedora Local Security Checks
Title:	Fedora Legacy Security Advisory FLSA-2006:167803
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory FLSA-2006:167803. Reid Borsuk discovered a buffer overflow in the MySQL init_syms() function. A user with the ability to create and execute a user defined function could potentially execute arbitrary code on the MySQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2558 to this issue. This release fixes two additional problems. A regression was introduced in a patch included in the previous MySQL packages that resulted in queries performing a DELETE without a WHERE failing on ISAM tables. Also, the MySQL init script was improved to allow the MySQL service to restart properly during upgrades. All users of the MySQL server are advised to upgrade to these updated packages, which contain fixes for these issues. Affected platforms: Redhat 7.3 Redhat 9 Fedora Core 1 Fedora Core 2 Solution: http://www.securityspace.com/smysecure/catid.html?in=FLSA-2006:167803 Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	BugTraq ID: 14509 Common Vulnerability Exposure (CVE) ID: CVE-2005-2558 http://www.securityfocus.com/bid/14509 Bugtraq: 20050808 [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions (Google Search) http://marc.info/?l=bugtraq&m=112354450412427&w=2 Debian Security Information: DSA-829 (Google Search) http://www.debian.org/security/2005/dsa-829 Debian Security Information: DSA-831 (Google Search) http://www.debian.org/security/2005/dsa-831 Debian Security Information: DSA-833 (Google Search) http://www.debian.org/security/2005/dsa-833 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00005.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html http://www.mandriva.com/security/advisories?name=MDKSA-2005:163 http://www.appsecinc.com/resources/alerts/mysql/2005-002.html SCO Security Bulletin: SCOSA-2006.18 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18.1/SCOSA-2006.18.1.txt http://secunia.com/advisories/17027 http://secunia.com/advisories/20381 http://secunia.com/advisories/29847 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1 SuSE Security Announcement: SUSE-SR:2005:021 (Google Search) http://www.novell.com/linux/security/advisories/2005_21_sr.html https://www.ubuntu.com/usn/usn-180-1/ https://www.ubuntu.com/usn/usn-180-2/ http://www.vupen.com/english/advisories/2008/1326/references XForce ISS Database: mysql-user-defined-function-bo(21737) https://exchange.xforce.ibmcloud.com/vulnerabilities/21737
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.