Test Kennung:	1.3.6.1.4.1.25623.1.0.801064
Kategorie:	Denial of Service
Titel:	MySQL Denial Of Service and Spoofing Vulnerabilities
Zusammenfassung:	MySQL is prone to Denial Of Service and Spoofing Vulnerabilities
Beschreibung:	Summary: MySQL is prone to Denial Of Service and Spoofing Vulnerabilities Vulnerability Insight: The flaws are due to: - mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the 'GeomFromWKB()' function. - An error in 'vio_verify_callback()' function in 'viosslfactories.c', when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates. Vulnerability Impact: Successful exploitation could allow users to cause a Denial of Service and man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate. Affected Software/OS: MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 on all running platform. Solution: Upgrade to MySQL version 5.0.88 or 5.1.41. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4019 37717 http://secunia.com/advisories/37717 38517 http://secunia.com/advisories/38517 38573 http://secunia.com/advisories/38573 ADV-2010-1107 http://www.vupen.com/english/advisories/2010/1107 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html DSA-1997 http://www.debian.org/security/2010/dsa-1997 FEDORA-2009-12180 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html RHSA-2010:0109 http://www.redhat.com/support/errata/RHSA-2010-0109.html SUSE-SR:2010:011 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html USN-1397-1 http://www.ubuntu.com/usn/USN-1397-1 USN-897-1 http://ubuntu.com/usn/usn-897-1 [oss-security] 20091121 CVE Request - MySQL - 5.0.88 http://marc.info/?l=oss-security&m=125881733826437&w=2 [oss-security] 20091121 Re: CVE Request - MySQL - 5.0.88 http://marc.info/?l=oss-security&m=125883754215621&w=2 [oss-security] 20091123 Re: CVE Request - MySQL - 5.0.88 http://marc.info/?l=oss-security&m=125901161824278&w=2 http://bugs.mysql.com/47780 http://bugs.mysql.com/48291 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html http://support.apple.com/kb/HT4077 https://bugzilla.redhat.com/show_bug.cgi?id=540906 oval:org.mitre.oval:def:11349 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349 oval:org.mitre.oval:def:8500 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500 Common Vulnerability Exposure (CVE) ID: CVE-2009-4028 [commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 http://lists.mysql.com/commits/87446 [oss-security] 20091119 mysql-5.1.41 http://www.openwall.com/lists/oss-security/2009/11/19/3 [oss-security] 20091123 Re: mysql-5.1.41 http://www.openwall.com/lists/oss-security/2009/11/23/16 http://bugs.mysql.com/47320 oval:org.mitre.oval:def:10940 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 oval:org.mitre.oval:def:8510 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510
Copyright	Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.