Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702581
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities)
Summary:Several issues have been discovered in the MySQL database server. The;vulnerabilities are addressed by upgrading MySQL to a new upstream version,;5.1.66, which includes additional changes, such as performance improvements and;corrections for data loss defects. These changes are described in the;MySQL release notes.
Description:Summary:
Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to a new upstream version,
5.1.66, which includes additional changes, such as performance improvements and
corrections for data loss defects. These changes are described in the
MySQL release notes.

Affected Software/OS:
mysql-5.1 on Debian Linux

Solution:
For the testing distribution (wheezy) and unstable distribution (sid), these
problems have been fixed in version 5.5.28+dfsg-1.

Additionally, CVE-2012-5611 has been fixed in this upload. The vulnerability
(discovered independently by Tomas Hoger from the Red Hat Security Response
Team and king cope) is a stack-based buffer overflow in acl_get() when
checking user access to a database. Using a carefully crafted database name, an
already authenticated MySQL user could make the server crash or even execute
arbitrary code as the mysql system user.

For the stable distribution (squeeze), this problem has been fixed in version
5.1.66-0+squeeze1.

For the testing distribution (wheezy) and unstable distribution (sid), this
problem will be fixed soon.

We recommend that you upgrade your mysql-5.1 packages.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-5611
Debian Security Information: DSA-2581 (Google Search)
http://www.debian.org/security/2012/dsa-2581
http://www.exploit-db.com/exploits/23075
http://seclists.org/fulldisclosure/2012/Dec/4
http://security.gentoo.org/glsa/glsa-201308-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.openwall.com/lists/oss-security/2012/12/02/3
http://www.openwall.com/lists/oss-security/2012/12/02/4
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395
RedHat Security Advisories: RHSA-2012:1551
http://rhn.redhat.com/errata/RHSA-2012-1551.html
RedHat Security Advisories: RHSA-2013:0180
http://rhn.redhat.com/errata/RHSA-2013-0180.html
http://secunia.com/advisories/51443
http://secunia.com/advisories/53372
SuSE Security Announcement: SUSE-SU-2013:0262 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html
SuSE Security Announcement: openSUSE-SU-2013:0011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html
SuSE Security Announcement: openSUSE-SU-2013:0013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html
SuSE Security Announcement: openSUSE-SU-2013:0014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html
SuSE Security Announcement: openSUSE-SU-2013:0135 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html
SuSE Security Announcement: openSUSE-SU-2013:0156 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html
SuSE Security Announcement: openSUSE-SU-2013:1412 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html
http://www.ubuntu.com/usn/USN-1658-1
http://www.ubuntu.com/usn/USN-1703-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3173
RedHat Security Advisories: RHSA-2012:1462
http://rhn.redhat.com/errata/RHSA-2012-1462.html
http://secunia.com/advisories/51177
http://secunia.com/advisories/51309
http://www.ubuntu.com/usn/USN-1621-1
XForce ISS Database: mysqlserver-innodbplugin-dos(79386)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79386
Common Vulnerability Exposure (CVE) ID: CVE-2012-3150
XForce ISS Database: mysqlserver-opt-dos(79388)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79388
Common Vulnerability Exposure (CVE) ID: CVE-2012-3166
Common Vulnerability Exposure (CVE) ID: CVE-2012-3163
http://secunia.com/advisories/56509
http://secunia.com/advisories/56513
XForce ISS Database: mysqlserver-informationschema-cve20123163(79381)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79381
Common Vulnerability Exposure (CVE) ID: CVE-2012-3167
XForce ISS Database: mysqlserver-serverfulltextsearch-dos(79392)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79392
Common Vulnerability Exposure (CVE) ID: CVE-2012-3197
XForce ISS Database: mysqlserver-serverreplication-dos(79393)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79393
Common Vulnerability Exposure (CVE) ID: CVE-2012-3180
XForce ISS Database: mysqlserver-optimize-dos(79389)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79389
Common Vulnerability Exposure (CVE) ID: CVE-2012-3160
XForce ISS Database: mysqlserver-serverinstallation-info-disc(79394)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79394
Common Vulnerability Exposure (CVE) ID: CVE-2012-3177
XForce ISS Database: mysqlserver-server-dos(79383)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79383
Common Vulnerability Exposure (CVE) ID: CVE-2012-3158
XForce ISS Database: mysqlserver-protocol-cve20123158(79382)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79382
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.