English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61910
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-671-1 (mysql-dfsg-5.0)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to mysql-dfsg-5.0
announced via advisory USN-671-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use the
DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege
checks. This update alters table creation behaviour by disallowing the
use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY
options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)

It was discovered that MySQL did not handle empty bit-string literals
properly. An attacker could exploit this problem and cause the MySQL
server to crash, leading to a denial of service. (CVE-2008-3963)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.11

Ubuntu 7.10:
mysql-server-5.0 5.0.45-1ubuntu3.4

Ubuntu 8.04 LTS:
mysql-server-5.0 5.0.51a-3ubuntu5.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-671-1

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2079
1019995
http://www.securitytracker.com/id?1019995
29106
http://www.securityfocus.com/bid/29106
30134
http://secunia.com/advisories/30134
31066
http://secunia.com/advisories/31066
31226
http://secunia.com/advisories/31226
31681
http://www.securityfocus.com/bid/31681
31687
http://secunia.com/advisories/31687
32222
http://secunia.com/advisories/32222
32769
http://secunia.com/advisories/32769
36566
http://secunia.com/advisories/36566
36701
http://secunia.com/advisories/36701
ADV-2008-1472
http://www.vupen.com/english/advisories/2008/1472/references
ADV-2008-2780
http://www.vupen.com/english/advisories/2008/2780
APPLE-SA-2008-10-09
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
APPLE-SA-2009-09-10-2
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
DSA-1608
http://www.debian.org/security/2008/dsa-1608
MDVSA-2008:149
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149
MDVSA-2008:150
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
RHSA-2008:0505
http://www.redhat.com/support/errata/RHSA-2008-0505.html
RHSA-2008:0510
http://www.redhat.com/support/errata/RHSA-2008-0510.html
RHSA-2008:0768
http://www.redhat.com/support/errata/RHSA-2008-0768.html
RHSA-2009:1289
http://www.redhat.com/support/errata/RHSA-2009-1289.html
SUSE-SR:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
USN-671-1
http://www.ubuntu.com/usn/USN-671-1
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3865
mysql-myisam-security-bypass(42267)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267
oval:org.mitre.oval:def:10133
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
Common Vulnerability Exposure (CVE) ID: CVE-2008-3963
Debian Security Information: DSA-1783 (Google Search)
http://www.debian.org/security/2009/dsa-1783
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/4
http://www.openwall.com/lists/oss-security/2008/09/09/7
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.securitytracker.com/id?1020858
http://secunia.com/advisories/31769
http://secunia.com/advisories/32759
http://secunia.com/advisories/34907
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2008/2554
XForce ISS Database: mysql-bitstring-dos(45042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45042
Common Vulnerability Exposure (CVE) ID: CVE-2008-4097
32759
MDVSA-2009:094
SUSE-SR:2008:025
[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079
http://www.openwall.com/lists/oss-security/2008/09/09/20
[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
mysql-myisam-symlinks-security-bypass(45648)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45648
Common Vulnerability Exposure (CVE) ID: CVE-2008-4098
32578
http://secunia.com/advisories/32578
38517
http://secunia.com/advisories/38517
DSA-1662
http://www.debian.org/security/2008/dsa-1662
RHSA-2009:1067
RHSA-2010:0110
http://www.redhat.com/support/errata/RHSA-2010-0110.html
USN-1397-1
USN-897-1
http://ubuntu.com/usn/usn-897-1
mysql-myisam-symlink-security-bypass(45649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
oval:org.mitre.oval:def:10591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591
Common Vulnerability Exposure (CVE) ID: CVE-2008-4989
BugTraq ID: 32232
http://www.securityfocus.com/bid/32232
Bugtraq: 20081117 rPSA-2008-0322-1 gnutls (Google Search)
http://www.securityfocus.com/archive/1/498431/100/0/threaded
Debian Security Information: DSA-1719 (Google Search)
http://www.debian.org/security/2009/dsa-1719
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html
http://security.gentoo.org/glsa/glsa-200901-10.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:227
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650
http://www.redhat.com/support/errata/RHSA-2008-0982.html
http://www.securitytracker.com/id?1021167
http://secunia.com/advisories/32619
http://secunia.com/advisories/32681
http://secunia.com/advisories/32687
http://secunia.com/advisories/32879
http://secunia.com/advisories/33501
http://secunia.com/advisories/33694
http://secunia.com/advisories/35423
http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1
SuSE Security Announcement: SUSE-SR:2008:027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
SuSE Security Announcement: SUSE-SR:2009:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
https://usn.ubuntu.com/678-1/
http://www.ubuntu.com/usn/usn-678-2
http://www.vupen.com/english/advisories/2008/3086
http://www.vupen.com/english/advisories/2009/1567
XForce ISS Database: gnutls-x509-name-spoofing(46482)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46482
Common Vulnerability Exposure (CVE) ID: CVE-2008-0017
BugTraq ID: 32281
http://www.securityfocus.com/bid/32281
Cert/CC Advisory: TA08-319A
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
Debian Security Information: DSA-1669 (Google Search)
http://www.debian.org/security/2008/dsa-1669
Debian Security Information: DSA-1671 (Google Search)
http://www.debian.org/security/2008/dsa-1671
Debian Security Information: DSA-1697 (Google Search)
http://www.debian.org/security/2009/dsa-1697
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
ISS Security Advisory: 20081113 Mozilla Unchecked Allocation Remote Code Execution
http://www.iss.net/threats/311.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
https://bugzilla.mozilla.org/show_bug.cgi?id=443299
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://www.securitytracker.com/id?1021185
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32694
http://secunia.com/advisories/32695
http://secunia.com/advisories/32713
http://secunia.com/advisories/32714
http://secunia.com/advisories/32721
http://secunia.com/advisories/32778
http://secunia.com/advisories/32845
http://secunia.com/advisories/32853
http://secunia.com/advisories/33433
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
SuSE Security Announcement: SUSE-SA:2008:055 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
http://ubuntu.com/usn/usn-667-1
http://www.vupen.com/english/advisories/2008/3146
http://www.vupen.com/english/advisories/2009/0977
Common Vulnerability Exposure (CVE) ID: CVE-2008-4582
BugTraq ID: 31611
http://www.securityfocus.com/bid/31611
BugTraq ID: 31747
http://www.securityfocus.com/bid/31747
Bugtraq: 20081007 Firefox Privacy Broken If Used to Open Web Page File (Google Search)
http://www.securityfocus.com/archive/1/497091/100/0/threaded
Debian Security Information: DSA-1696 (Google Search)
http://www.debian.org/security/2009/dsa-1696
http://liudieyu0.blog124.fc2.com/blog-entry-6.html
https://bugzilla.mozilla.org/show_bug.cgi?id=455311
http://www.securitytracker.com/id?1021190
http://securitytracker.com/alerts/2008/Nov/1021212.html
http://secunia.com/advisories/32192
http://secunia.com/advisories/33434
http://securityreason.com/securityalert/4416
http://www.vupen.com/english/advisories/2008/2818
XForce ISS Database: firefox-internet-shortcut-info-disclosure(45740)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45740
Common Vulnerability Exposure (CVE) ID: CVE-2008-5012
1021187
http://www.securitytracker.com/id?1021187
20081118 Firefox cross-domain image theft (CESA-2008-009)
http://www.securityfocus.com/archive/1/498468
256408
32281
32351
http://www.securityfocus.com/bid/32351
32684
32693
32694
32714
32715
http://secunia.com/advisories/32715
32778
32798
http://secunia.com/advisories/32798
32845
32853
33433
33434
34501
ADV-2008-3146
ADV-2009-0977
DSA-1669
DSA-1671
DSA-1696
DSA-1697
FEDORA-2008-9667
MDVSA-2008:228
MDVSA-2008:235
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
RHSA-2008:0976
http://www.redhat.com/support/errata/RHSA-2008-0976.html
RHSA-2008:0977
SUSE-SA:2008:055
TA08-319A
USN-667-1
http://scary.beasts.org/security/CESA-2008-009.html
http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html
http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
https://bugzilla.mozilla.org/show_bug.cgi?id=355126
https://bugzilla.mozilla.org/show_bug.cgi?id=451619
oval:org.mitre.oval:def:10750
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10750
Common Vulnerability Exposure (CVE) ID: CVE-2008-5013
1021181
http://www.securitytracker.com/id?1021181
http://www.mozilla.org/security/announce/2008/mfsa2008-49.html
https://bugzilla.mozilla.org/show_bug.cgi?id=433610
oval:org.mitre.oval:def:9660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9660
Common Vulnerability Exposure (CVE) ID: CVE-2008-5014
1021182
http://www.securitytracker.com/id?1021182
32011
http://secunia.com/advisories/32011
32695
32721
FEDORA-2008-9669
MDVSA-2008:230
RHSA-2008:0978
http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
https://bugzilla.mozilla.org/show_bug.cgi?id=436741
oval:org.mitre.oval:def:9157
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157
Common Vulnerability Exposure (CVE) ID: CVE-2008-5015
1021191
http://www.securitytracker.com/id?1021191
32713
http://www.mozilla.org/security/announce/2008/mfsa2008-51.html
https://bugzilla.mozilla.org/show_bug.cgi?id=447579
oval:org.mitre.oval:def:11063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11063
Common Vulnerability Exposure (CVE) ID: CVE-2008-5016
1021183
http://www.securitytracker.com/id?1021183
http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=439206%2C453406%2C458637%2C444864%2C452157%2C449111%2C444260%2C457375%2C433429%2C443528%2C430394
oval:org.mitre.oval:def:11356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11356
Common Vulnerability Exposure (CVE) ID: CVE-2008-5017
https://bugzilla.mozilla.org/show_bug.cgi?id=455987
oval:org.mitre.oval:def:11436
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11436
Common Vulnerability Exposure (CVE) ID: CVE-2008-5018
https://bugzilla.mozilla.org/show_bug.cgi?id=452786
oval:org.mitre.oval:def:9872
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9872
Common Vulnerability Exposure (CVE) ID: CVE-2008-5019
1021184
http://www.securitytracker.com/id?1021184
http://www.mozilla.org/security/announce/2008/mfsa2008-53.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=459906%2C460983
oval:org.mitre.oval:def:10943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10943
Common Vulnerability Exposure (CVE) ID: CVE-2008-5021
1021186
http://www.securitytracker.com/id?1021186
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
https://bugzilla.mozilla.org/show_bug.cgi?id=460002
oval:org.mitre.oval:def:9642
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642
Common Vulnerability Exposure (CVE) ID: CVE-2008-5022
1021188
http://www.securitytracker.com/id?1021188
http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
oval:org.mitre.oval:def:11186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11186
Common Vulnerability Exposure (CVE) ID: CVE-2008-5023
1021189
http://www.securitytracker.com/id?1021189
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
https://bugzilla.mozilla.org/show_bug.cgi?id=424733
oval:org.mitre.oval:def:9908
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908
Common Vulnerability Exposure (CVE) ID: CVE-2008-5024
1021192
http://www.securitytracker.com/id?1021192
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
https://bugzilla.mozilla.org/show_bug.cgi?id=453915
oval:org.mitre.oval:def:9063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.