
Test ID: 1.3.6.1.4.1.25623.1.0.60679
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-588-2 (mysql-dfsg-5.0)
Summary: NOSUMMARY
Description:

The remote host is missing an update to mysql-dfsg-5.0
announced via advisory USN-588-2.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for
Ubuntu 6.06, additional improvements were made to make privilege checks
more restrictive. As a result, an upstream bug was exposed which could
cause operations on tables or views in a different database to fail. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Masaaki Hirose discovered that MySQL could be made to dereference
a NULL pointer. An authenticated user could cause a denial of service
(application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)

Alexander Nozdrin discovered that MySQL did not restore database access
privileges when returning from SQL SECURITY INVOKER stored routines. An
authenticated user could exploit this to gain privileges. This issue
does not affect Ubuntu 7.10. (CVE-2007-2692)

Martin Friebe discovered that MySQL did not properly update the DEFINER
value of an altered view. An authenticated user could use CREATE SQL
SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges.
(CVE-2007-6303)

Luigi Auriemma discovered that yaSSL as included in MySQL did not
properly validate its input. A remote attacker could send crafted
requests and cause a denial of service or possibly execute arbitrary
code. This issue did not affect Ubuntu 6.06 in the default installation.
(CVE-2008-0226, CVE-2008-0227)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.9

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-588-2

Risk factor : High

CVSS Score:
7.5

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-2692
BugTraq ID: 24011
http://www.securityfocus.com/bid/24011
Bugtraq: 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server
http://www.securityfocus.com/archive/1/473874/100/0/threaded
Debian Security Information: DSA-1413
http://www.debian.org/security/2007/dsa-1413
http://www.mandriva.com/security/advisories?name=MDVSA-2008:028
http://bugs.mysql.com/bug.php?id=27337
http://lists.mysql.com/announce/470
http://osvdb.org/34765
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166
http://www.redhat.com/support/errata/RHSA-2007-0894.html
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.securitytracker.com/id?1018070
http://secunia.com/advisories/25301
http://secunia.com/advisories/26073
http://secunia.com/advisories/26430
http://secunia.com/advisories/27823
http://secunia.com/advisories/28637
http://secunia.com/advisories/28838
http://secunia.com/advisories/29443
http://secunia.com/advisories/30351
SuSE Security Announcement: SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.ubuntu.com/usn/usn-588-1
http://www.vupen.com/english/advisories/2007/1804
XForce ISS Database: mysql-changedb-privilege-escalation(34348)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34348
Common Vulnerability Exposure (CVE) ID: CVE-2006-7232
BugTraq ID: 28351
http://www.securityfocus.com/bid/28351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11720
http://secunia.com/advisories/31687
SuSE Security Announcement: SUSE-SR:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2007-6303
BugTraq ID: 26832
http://www.securityfocus.com/bid/26832
Bugtraq: 20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server
http://www.securityfocus.com/archive/1/487606/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html
http://security.gentoo.org/glsa/glsa-200804-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:017
http://www.redhat.com/support/errata/RHSA-2007-1157.html
http://securitytracker.com/id?1019085
http://secunia.com/advisories/28025
http://secunia.com/advisories/28063
http://secunia.com/advisories/28739
http://secunia.com/advisories/29706
http://www.vupen.com/english/advisories/2007/4198
XForce ISS Database: mysql-definer-value-privilege-escalation(38989)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38989
Common Vulnerability Exposure (CVE) ID: CVE-2008-0226
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BugTraq ID: 27140
http://www.securityfocus.com/bid/27140
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20080104 Multiple vulnerabilities in yaSSL 1.7.5
http://www.securityfocus.com/archive/1/485810/100/0/threaded
Bugtraq: 20080104 Pre-auth buffer-overflow in mySQL through yaSSL
http://www.securityfocus.com/archive/1/485811/100/0/threaded
Debian Security Information: DSA-1478
http://www.debian.org/security/2008/dsa-1478
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
http://secunia.com/advisories/28324
http://secunia.com/advisories/28419
http://secunia.com/advisories/28597
http://secunia.com/advisories/32222
http://securityreason.com/securityalert/3531
http://www.vupen.com/english/advisories/2008/0560/references
http://www.vupen.com/english/advisories/2008/2780
XForce ISS Database: yassl-inputbufferoperator-bo(39431)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39431
XForce ISS Database: yassl-processoldclienthello-bo(39429)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39429
Common Vulnerability Exposure (CVE) ID: CVE-2008-0227
XForce ISS Database: yassl-hashwithtransformupdate-dos(39433)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39433
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
