Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-671-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.840292
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-671-1)
Summary:	The remote host is missing an update for the 'mysql-dfsg-5.0' package(s) announced via the USN-671-1 advisory.
Description:	Summary: The remote host is missing an update for the 'mysql-dfsg-5.0' package(s) announced via the USN-671-1 advisory. Vulnerability Insight: It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098) It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service. (CVE-2008-3963) Affected Software/OS: 'mysql-dfsg-5.0' package(s) on Ubuntu 6.06, Ubuntu 7.10, Ubuntu 8.04. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2079 1019995 http://www.securitytracker.com/id?1019995 29106 http://www.securityfocus.com/bid/29106 30134 http://secunia.com/advisories/30134 31066 http://secunia.com/advisories/31066 31226 http://secunia.com/advisories/31226 31681 http://www.securityfocus.com/bid/31681 31687 http://secunia.com/advisories/31687 32222 http://secunia.com/advisories/32222 32769 http://secunia.com/advisories/32769 36566 http://secunia.com/advisories/36566 36701 http://secunia.com/advisories/36701 ADV-2008-1472 http://www.vupen.com/english/advisories/2008/1472/references ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html APPLE-SA-2009-09-10-2 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html DSA-1608 http://www.debian.org/security/2008/dsa-1608 MDVSA-2008:149 http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 MDVSA-2008:150 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 RHSA-2008:0505 http://www.redhat.com/support/errata/RHSA-2008-0505.html RHSA-2008:0510 http://www.redhat.com/support/errata/RHSA-2008-0510.html RHSA-2008:0768 http://www.redhat.com/support/errata/RHSA-2008-0768.html RHSA-2009:1289 http://www.redhat.com/support/errata/RHSA-2009-1289.html SUSE-SR:2008:017 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html USN-671-1 http://www.ubuntu.com/usn/USN-671-1 http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3865 mysql-myisam-security-bypass(42267) https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 oval:org.mitre.oval:def:10133 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133 Common Vulnerability Exposure (CVE) ID: CVE-2008-3963 Debian Security Information: DSA-1783 (Google Search) http://www.debian.org/security/2009/dsa-1783 http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 http://www.openwall.com/lists/oss-security/2008/09/09/4 http://www.openwall.com/lists/oss-security/2008/09/09/7 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 http://www.redhat.com/support/errata/RHSA-2009-1067.html http://www.securitytracker.com/id?1020858 http://secunia.com/advisories/31769 http://secunia.com/advisories/32759 http://secunia.com/advisories/34907 SuSE Security Announcement: SUSE-SR:2008:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://www.ubuntu.com/usn/USN-1397-1 http://www.vupen.com/english/advisories/2008/2554 XForce ISS Database: mysql-bitstring-dos(45042) https://exchange.xforce.ibmcloud.com/vulnerabilities/45042 Common Vulnerability Exposure (CVE) ID: CVE-2008-4097 32759 MDVSA-2009:094 SUSE-SR:2008:025 [oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 http://www.openwall.com/lists/oss-security/2008/09/09/20 [oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 http://www.openwall.com/lists/oss-security/2008/09/16/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 mysql-myisam-symlinks-security-bypass(45648) https://exchange.xforce.ibmcloud.com/vulnerabilities/45648 Common Vulnerability Exposure (CVE) ID: CVE-2008-4098 32578 http://secunia.com/advisories/32578 38517 http://secunia.com/advisories/38517 DSA-1662 http://www.debian.org/security/2008/dsa-1662 RHSA-2009:1067 RHSA-2010:0110 http://www.redhat.com/support/errata/RHSA-2010-0110.html USN-1397-1 USN-897-1 http://ubuntu.com/usn/usn-897-1 mysql-myisam-symlink-security-bypass(45649) https://exchange.xforce.ibmcloud.com/vulnerabilities/45649 oval:org.mitre.oval:def:10591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591
Copyright	Copyright (C) 2009 Greenbone AG