Test ID:	1.3.6.1.4.1.25623.1.0.59987
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2007:243 (MySQL)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to MySQL announced via advisory MDKSA-2007:243. A vulnerability in MySQL prior to 5.0.45 did not require priveliges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure (CVE-2007-3781). A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error (CVE-2007-5925). Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to (CVE-2007-5969). The updated packages have been patched to correct these issues. Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:243 Risk factor : High CVSS Score: 7.1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3781 BugTraq ID: 25017 http://www.securityfocus.com/bid/25017 Bugtraq: 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server (Google Search) http://www.securityfocus.com/archive/1/473874/100/0/threaded Debian Security Information: DSA-1451 (Google Search) http://www.debian.org/security/2008/dsa-1451 http://security.gentoo.org/glsa/glsa-200708-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 http://bugs.mysql.com/bug.php?id=25578 http://lists.mysql.com/announce/470 http://osvdb.org/37783 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195 http://www.redhat.com/support/errata/RHSA-2007-0894.html http://www.redhat.com/support/errata/RHSA-2008-0364.html http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/26498 http://secunia.com/advisories/26987 http://secunia.com/advisories/28040 http://secunia.com/advisories/28108 http://secunia.com/advisories/28128 http://secunia.com/advisories/28343 http://secunia.com/advisories/30351 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 https://usn.ubuntu.com/559-1/ Common Vulnerability Exposure (CVE) ID: CVE-2007-5925 BugTraq ID: 26353 http://www.securityfocus.com/bid/26353 Debian Security Information: DSA-1413 (Google Search) http://www.debian.org/security/2007/dsa-1413 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/067350.html http://security.gentoo.org/glsa/glsa-200711-25.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11390 http://www.redhat.com/support/errata/RHSA-2007-1155.html http://www.redhat.com/support/errata/RHSA-2007-1157.html http://www.securitytracker.com/id?1018978 http://secunia.com/advisories/27568 http://secunia.com/advisories/27649 http://secunia.com/advisories/27823 http://secunia.com/advisories/28025 http://secunia.com/advisories/28099 http://secunia.com/advisories/28838 SuSE Security Announcement: SUSE-SR:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://www.ubuntu.com/usn/USN-1397-1 http://www.vupen.com/english/advisories/2007/3903 XForce ISS Database: mysql-hainnodb-dos(38284) https://exchange.xforce.ibmcloud.com/vulnerabilities/38284 Common Vulnerability Exposure (CVE) ID: CVE-2007-5969 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 26765 http://www.securityfocus.com/bid/26765 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server (Google Search) http://www.securityfocus.com/archive/1/486477/100/0/threaded http://security.gentoo.org/glsa/glsa-200804-04.xml http://lists.mysql.com/announce/495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 http://www.securitytracker.com/id?1019060 http://secunia.com/advisories/27981 http://secunia.com/advisories/28063 http://secunia.com/advisories/28559 http://secunia.com/advisories/29706 http://secunia.com/advisories/32222 http://www.vupen.com/english/advisories/2007/4142 http://www.vupen.com/english/advisories/2007/4198 http://www.vupen.com/english/advisories/2008/0560/references http://www.vupen.com/english/advisories/2008/1000/references http://www.vupen.com/english/advisories/2008/2780
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.