ID de Prueba:	1.3.6.1.4.1.25623.1.0.50601
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:119 (MySQL)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to MySQL announced via advisory MDKSA-2004:119. A number of problems have been discovered in the MySQL database server: Jeroen van Wolffelaar discovered an insecure temporary file vulnerability in the mysqlhotcopy script when using the scp method (CVE-2004-0457). Oleksandr Byelkin discovered that the ALTER TABLE ... RENAME would check the CREATE/INSERT rights of the old table rather than the new one (CVE-2004-0835). Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function (CVE-2004-0836). Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall (CVE-2004-0837). The updated MySQL packages have been patched to protect against these issues. Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0837 http://bugs.mysql.com/bug.php?id=3270 http://bugs.mysql.com/bug.php?id=4017 http://bugs.mysql.com/bug.php?id=2408 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0457 Computer Incident Advisory Center Bulletin: P-018 http://www.ciac.org/ciac/bulletins/p-018.shtml Debian Security Information: DSA-540 (Google Search) http://www.debian.org/security/2004/dsa-540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10693 http://www.redhat.com/support/errata/RHSA-2004-597.html XForce ISS Database: mysql-mysqlhotcopy-insecure-file(17030) https://exchange.xforce.ibmcloud.com/vulnerabilities/17030 Common Vulnerability Exposure (CVE) ID: CVE-2004-0835 BugTraq ID: 11357 http://www.securityfocus.com/bid/11357 Conectiva Linux advisory: CLA-2004:892 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 Debian Security Information: DSA-562 (Google Search) http://www.debian.org/security/2004/dsa-562 http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml http://bugs.mysql.com/bug.php?id=3270 http://lists.mysql.com/internals/13073 http://www.redhat.com/support/errata/RHSA-2004-611.html http://securitytracker.com/id?1011606 http://secunia.com/advisories/12783/ http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.trustix.org/errata/2004/0054/ XForce ISS Database: mysql-alter-restriction-bypass(17666) https://exchange.xforce.ibmcloud.com/vulnerabilities/17666 Common Vulnerability Exposure (CVE) ID: CVE-2004-0836 BugTraq ID: 10981 http://www.securityfocus.com/bid/10981 Bugtraq: 20041125 [USN-32-1] mysql vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110140517515735&w=2 http://bugs.mysql.com/bug.php?id=4017 http://lists.mysql.com/internals/14726 http://secunia.com/advisories/12305/ XForce ISS Database: mysql-realconnect-bo(17047) https://exchange.xforce.ibmcloud.com/vulnerabilities/17047 Common Vulnerability Exposure (CVE) ID: CVE-2004-0837 http://bugs.mysql.com/2408 http://lists.mysql.com/internals/16168 http://lists.mysql.com/internals/16173 http://lists.mysql.com/internals/16174 http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15 XForce ISS Database: mysql-union-dos(17667) https://exchange.xforce.ibmcloud.com/vulnerabilities/17667
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.