Test ID: | 1.3.6.1.4.1.25623.1.0.880577 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for mysql CESA-2010:0442 centos5 i386 |
Summary: | The remote host is missing an update for the 'mysql' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'mysql' package(s) announced via the referenced advisory.

Vulnerability Insight: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

A buffer overflow flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command (this command is sent when a client uses the MySQL mysql_list_fields() client library function). An authenticated database user could send a request with an excessively long table name to cause a temporary denial of service (mysqld crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-1850)

A directory traversal flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. An authenticated database user could use this flaw to obtain descriptions of the fields of an arbitrary table using a request with a specially-crafted table name. (CVE-2010-1848)

A flaw was discovered in the way MySQL handled symbolic links to tables created using the DATA DIRECTORY and INDEX DIRECTORY directives in CREATE TABLE statements. An attacker with CREATE and DROP table privileges, and shell access to the database server, could use this flaw to remove data and index files of tables created by other database users using the MyISAM storage engine. (CVE-2010-1626)

All MySQL users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

Affected Software/OS: mysql on CentOS 5

Solution: Please install the updated packages.

CVSS Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1626
1024004 http://securitytracker.com/id?1024004
40257 http://www.securityfocus.com/bid/40257
ADV-2010-1194 http://www.vupen.com/english/advisories/2010/1194
MDVSA-2010:101 http://www.mandriva.com/security/advisories?name=MDVSA-2010:101
RHSA-2010:0442 http://www.redhat.com/support/errata/RHSA-2010-0442.html
SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SUSE-SR:2010:021 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
USN-1397-1 http://www.ubuntu.com/usn/USN-1397-1
[oss-security] 20100510 Re: A mysql flaw. http://www.openwall.com/lists/oss-security/2010/05/10/2
[oss-security] 20100518 Re: A mysql flaw. http://www.openwall.com/lists/oss-security/2010/05/18/4
http://bugs.mysql.com/bug.php?id=40980
oval:org.mitre.oval:def:9490 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490

Common Vulnerability Exposure (CVE) ID: CVE-2010-1848
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:107
http://lists.mysql.com/commits/107532
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7210
http://www.redhat.com/support/errata/RHSA-2010-0824.html
http://securitytracker.com/id?1024031
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
SuSE Security Announcement: SUSE-SR:2010:021 (Google Search)

Common Vulnerability Exposure (CVE) ID: CVE-2010-1850
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6693
http://securitytracker.com/id?1024033 |
Copyright | Copyright (C) 2011 Greenbone AG |