
Test ID: 1.3.6.1.4.1.25623.1.0.57339
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-338-1 (mysql-dfsg-5.0)
Summary: NOSUMMARY
Description:

The remote host is missing an update to mysql-dfsg-5.0
announced via advisory USN-338-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Dmitri Lenev discovered that arguments of setuid SQL functions were
evaluated in the security context of the functions' definer instead of
its caller. An authenticated user with the privilege to call such a
function could exploit this to execute arbitrary statements with the
privileges of the definer of that function. (CVE-2006-4227)

Peter Gulutzan reported a potentially confusing situation of the MERGE
table engine. If a user creates a merge table, and the administrator
later revokes privileges on the original table only (without changing
the privileges on the merge table), that user still has access to the
data by using the merge table. This is intended behaviour, but might
be undesirable in some installations; this update introduces a new
server option --skip-merge which disables the MERGE engine
completely. (CVE-2006-4031)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-338-1

Risk factor : High

CVSS Score:
6.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4031
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
BugTraq ID: 19279
http://www.securityfocus.com/bid/19279
Cert/CC Advisory: TA07-072A
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
http://bugs.mysql.com/bug.php?id=15195
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
http://www.redhat.com/support/errata/RHSA-2007-0083.html
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.redhat.com/support/errata/RHSA-2008-0768.html
http://securitytracker.com/id?1016617
http://secunia.com/advisories/21259
http://secunia.com/advisories/21382
http://secunia.com/advisories/21627
http://secunia.com/advisories/21685
http://secunia.com/advisories/21770
http://secunia.com/advisories/22080
http://secunia.com/advisories/24479
http://secunia.com/advisories/30351
http://secunia.com/advisories/31226
SuSE Security Announcement: SUSE-SR:2006:023
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.ubuntu.com/usn/usn-338-1
http://www.vupen.com/english/advisories/2006/3079
http://www.vupen.com/english/advisories/2007/0930
Common Vulnerability Exposure (CVE) ID: CVE-2006-4227
BugTraq ID: 19559
http://www.securityfocus.com/bid/19559
http://lists.mysql.com/commits/7918
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10105
http://securitytracker.com/id?1016709
http://secunia.com/advisories/21506
http://www.vupen.com/english/advisories/2006/3306
XForce ISS Database: mysql-grant-execute-privilege-escalation(28442)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28442
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.