Test ID:	1.3.6.1.4.1.25623.1.0.840106
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-559-1)
Summary:	The remote host is missing an update for the 'mysql-dfsg-5.0' package(s) announced via the USN-559-1 advisory.
Description:	Summary: The remote host is missing an update for the 'mysql-dfsg-5.0' package(s) announced via the USN-559-1 advisory. Vulnerability Insight: Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. (CVE-2007-5925) It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. (CVE-2007-5969) Philip Stoev discovered that the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. (CVE-2007-6304) It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges. (CVE-2007-3781) Affected Software/OS: 'mysql-dfsg-5.0' package(s) on Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3781 BugTraq ID: 25017 http://www.securityfocus.com/bid/25017 Bugtraq: 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server (Google Search) http://www.securityfocus.com/archive/1/473874/100/0/threaded Debian Security Information: DSA-1451 (Google Search) http://www.debian.org/security/2008/dsa-1451 http://security.gentoo.org/glsa/glsa-200708-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 http://bugs.mysql.com/bug.php?id=25578 http://lists.mysql.com/announce/470 http://osvdb.org/37783 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195 http://www.redhat.com/support/errata/RHSA-2007-0894.html http://www.redhat.com/support/errata/RHSA-2008-0364.html http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/26498 http://secunia.com/advisories/26987 http://secunia.com/advisories/28040 http://secunia.com/advisories/28108 http://secunia.com/advisories/28128 http://secunia.com/advisories/28343 http://secunia.com/advisories/30351 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 https://usn.ubuntu.com/559-1/ Common Vulnerability Exposure (CVE) ID: CVE-2007-5925 BugTraq ID: 26353 http://www.securityfocus.com/bid/26353 Debian Security Information: DSA-1413 (Google Search) http://www.debian.org/security/2007/dsa-1413 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/067350.html http://security.gentoo.org/glsa/glsa-200711-25.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11390 http://www.redhat.com/support/errata/RHSA-2007-1155.html http://www.redhat.com/support/errata/RHSA-2007-1157.html http://www.securitytracker.com/id?1018978 http://secunia.com/advisories/27568 http://secunia.com/advisories/27649 http://secunia.com/advisories/27823 http://secunia.com/advisories/28025 http://secunia.com/advisories/28099 http://secunia.com/advisories/28838 SuSE Security Announcement: SUSE-SR:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://www.ubuntu.com/usn/USN-1397-1 http://www.vupen.com/english/advisories/2007/3903 XForce ISS Database: mysql-hainnodb-dos(38284) https://exchange.xforce.ibmcloud.com/vulnerabilities/38284 Common Vulnerability Exposure (CVE) ID: CVE-2007-5969 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 26765 http://www.securityfocus.com/bid/26765 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server (Google Search) http://www.securityfocus.com/archive/1/486477/100/0/threaded http://security.gentoo.org/glsa/glsa-200804-04.xml http://lists.mysql.com/announce/495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 http://www.securitytracker.com/id?1019060 http://secunia.com/advisories/27981 http://secunia.com/advisories/28063 http://secunia.com/advisories/28559 http://secunia.com/advisories/29706 http://secunia.com/advisories/32222 http://www.vupen.com/english/advisories/2007/4142 http://www.vupen.com/english/advisories/2007/4198 http://www.vupen.com/english/advisories/2008/0560/references http://www.vupen.com/english/advisories/2008/1000/references http://www.vupen.com/english/advisories/2008/2780 Common Vulnerability Exposure (CVE) ID: CVE-2007-6304 BugTraq ID: 26832 http://www.securityfocus.com/bid/26832 Bugtraq: 20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server (Google Search) http://www.securityfocus.com/archive/1/487606/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 http://osvdb.org/42609 http://securitytracker.com/id?1019085 http://secunia.com/advisories/28637 http://secunia.com/advisories/28739 XForce ISS Database: mysql-federated-engine-dos(38990) https://exchange.xforce.ibmcloud.com/vulnerabilities/38990
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.