Test ID:	1.3.6.1.4.1.25623.1.0.57109
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1112)
Summary:	The remote host is missing an update for the Debian 'mysql-dfsg-4.1' package(s) announced via the DSA-1112 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'mysql-dfsg-4.1' package(s) announced via the DSA-1112 advisory. Vulnerability Insight: Several local vulnerabilities have been discovered in the MySQL database server, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-3081 'Kanatoko' discovered that the server can be crashed with feeding NULL values to the str_to_date() function. CVE-2006-3469 Jean-David Maillefer discovered that the server can be crashed with specially crafted date_format() function calls. For the stable distribution (sarge) these problems have been fixed in version 4.1.11a-4sarge5. For the unstable distribution (sid) does no longer contain MySQL 4.1 packages. MySQL 5.0 from sid is not affected. We recommend that you upgrade your mysql-dfsg-4.1 packages. Affected Software/OS: 'mysql-dfsg-4.1' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3081 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 18439 http://www.securityfocus.com/bid/18439 Bugtraq: 20060614 MySQL DoS (Google Search) http://www.securityfocus.com/archive/1/437145 Bugtraq: 20060615 Re: MySQL DoS (Google Search) http://www.securityfocus.com/archive/1/437277 http://www.securityfocus.com/archive/1/437571/100/0/threaded Cert/CC Advisory: TA06-208A http://www.us-cert.gov/cas/techalerts/TA06-208A.html Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-1112 (Google Search) http://www.debian.org/security/2006/dsa-1112 http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9516 http://www.redhat.com/support/errata/RHSA-2007-0083.html http://secunia.com/advisories/19929 http://secunia.com/advisories/20832 http://secunia.com/advisories/20871 http://secunia.com/advisories/24479 https://usn.ubuntu.com/306-1/ http://www.vupen.com/english/advisories/2007/0930 XForce ISS Database: mysql-select-dos(27212) https://exchange.xforce.ibmcloud.com/vulnerabilities/27212 Common Vulnerability Exposure (CVE) ID: CVE-2006-3469 BugTraq ID: 19032 http://www.securityfocus.com/bid/19032 http://security.gentoo.org/glsa/glsa-200608-09.xml http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 http://bugs.mysql.com/bug.php?id=20729 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827 http://www.redhat.com/support/errata/RHSA-2008-0768.html http://secunia.com/advisories/21147 http://secunia.com/advisories/21366 http://secunia.com/advisories/31226 http://www.ubuntu.com/usn/usn-321-1
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.