Test ID:	1.3.6.1.4.1.25623.1.0.56696
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-274-1 (mysql-dfsg)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mysql-dfsg announced via advisory USN-274-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: mysql-server A logging bypass was discovered in the MySQL query parser. A local attacker could exploit this by inserting NUL characters into query strings (even into comments), which would cause the query to be logged incompletely. This only affects you if you enabled the 'log' parameter in the MySQL configuration. Solution: The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.7 (for Ubuntu 4.10), 4.0.23-3ubuntu2.2 (for Ubuntu 5.04), or 4.0.24-10ubuntu2.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-274-1 Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	BugTraq ID: 16850 Common Vulnerability Exposure (CVE) ID: CVE-2006-0903 1015693 http://securitytracker.com/id?1015693 16850 http://www.securityfocus.com/bid/16850 19034 http://secunia.com/advisories/19034 19502 http://secunia.com/advisories/19502 19814 http://secunia.com/advisories/19814 20060225 mysql <= 5.0.18 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html 20241 http://secunia.com/advisories/20241 20253 http://secunia.com/advisories/20253 20333 http://secunia.com/advisories/20333 20625 http://secunia.com/advisories/20625 30351 http://secunia.com/advisories/30351 ADV-2006-0752 http://www.vupen.com/english/advisories/2006/0752 DSA-1071 http://www.debian.org/security/2006/dsa-1071 DSA-1073 http://www.debian.org/security/2006/dsa-1073 DSA-1079 http://www.debian.org/security/2006/dsa-1079 MDKSA-2006:064 http://www.mandriva.com/security/advisories?name=MDKSA-2006:064 RHSA-2006:0544 http://www.redhat.com/support/errata/RHSA-2006-0544.html RHSA-2007:0083 http://www.redhat.com/support/errata/RHSA-2007-0083.html RHSA-2008:0364 http://www.redhat.com/support/errata/RHSA-2008-0364.html USN-274-1 https://usn.ubuntu.com/274-1/ USN-274-2 http://www.ubuntu.com/usn/usn-274-2 http://bugs.mysql.com/bug.php?id=17667 http://rst.void.ru/papers/advisory39.txt mysql-query-log-bypass-security(24966) https://exchange.xforce.ibmcloud.com/vulnerabilities/24966 oval:org.mitre.oval:def:9915 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9915
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.