Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2002:087 (MySQL)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50859

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2002:087 (MySQL)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to MySQL
announced via advisory MDKSA-2002:087.

Two vulnerabilities were discovered in all versions of MySQL prior
to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by
any valid MySQL user to crash the MySQL server, the other allows
anyone to bypass the MySQL password check or execute arbitraty code
with the privilege of the user running mysqld. Another two
vulnerabilities were found, one an arbitrary size heap overflow in
the mysql client library and another that allows one to write '\0'
to any memory address. Both of these flaws could allow DOS attacks
or arbitary code execution within anything linked against
libmysqlclient.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0,
Single Network Firewall 7.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1376
http://security.e-matters.de/advisories/042002.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2002-1373
BugTraq ID: 6368
http://www.securityfocus.com/bid/6368
Bugtraq: 20021212 Advisory 04/2002: Multiple MySQL vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=103971644013961&w=2
Conectiva Linux advisory: CLSA-2002:555
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
Debian Security Information: DSA-212 (Google Search)
http://www.debian.org/security/2002/dsa-212
En Garde Linux Advisory: ESA-20030127-001
http://marc.info/?l=bugtraq&m=104004857201968&w=2
Immunix Linux Advisory: IMNX-2003-7+-008-01
http://www.securityfocus.com/advisories/5269
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
http://security.e-matters.de/advisories/042002.html
http://www.redhat.com/support/errata/RHSA-2002-288.html
http://www.redhat.com/support/errata/RHSA-2002-289.html
http://www.redhat.com/support/errata/RHSA-2003-166.html
SuSE Security Announcement: SUSE-SA:2003:003 (Google Search)
http://www.novell.com/linux/security/advisories/2003_003_mysql.html
http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
XForce ISS Database: mysql-comtabledump-dos(10846)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10846
Common Vulnerability Exposure (CVE) ID: CVE-2002-1374
BugTraq ID: 6373
http://www.securityfocus.com/bid/6373
Bugtraq: 20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) (Google Search)
http://marc.info/?l=bugtraq&m=104005886114500&w=2
En Garde Linux Advisory: ESA-20021213-033
http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
XForce ISS Database: mysql-comchangeuser-password-bypass(10847)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10847
Common Vulnerability Exposure (CVE) ID: CVE-2002-1375
BugTraq ID: 6375
http://www.securityfocus.com/bid/6375
XForce ISS Database: mysql-comchangeuser-password-bo(10848)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10848
Common Vulnerability Exposure (CVE) ID: CVE-2002-1376
BugTraq ID: 6370
http://www.securityfocus.com/bid/6370
BugTraq ID: 6374
http://www.securityfocus.com/bid/6374
Bugtraq: 20021215 GLSA: mysql (Google Search)
Bugtraq: 20021219 TSLSA-2002-0086 - mysql (Google Search)
http://marc.info/?l=bugtraq&m=104033188706000&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2002:087
XForce ISS Database: mysql-libmysqlclient-readonerow-bo(10850)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10850
XForce ISS Database: mysql-libmysqlclient-readrows-bo(10849)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10849

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50859
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:087 (MySQL)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to MySQL announced via advisory MDKSA-2002:087. Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DOS attacks or arbitary code execution within anything linked against libmysqlclient. Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1376 http://security.e-matters.de/advisories/042002.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1373 BugTraq ID: 6368 http://www.securityfocus.com/bid/6368 Bugtraq: 20021212 Advisory 04/2002: Multiple MySQL vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=103971644013961&w=2 Conectiva Linux advisory: CLSA-2002:555 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 Debian Security Information: DSA-212 (Google Search) http://www.debian.org/security/2002/dsa-212 En Garde Linux Advisory: ESA-20030127-001 http://marc.info/?l=bugtraq&m=104004857201968&w=2 Immunix Linux Advisory: IMNX-2003-7+-008-01 http://www.securityfocus.com/advisories/5269 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087 http://security.e-matters.de/advisories/042002.html http://www.redhat.com/support/errata/RHSA-2002-288.html http://www.redhat.com/support/errata/RHSA-2002-289.html http://www.redhat.com/support/errata/RHSA-2003-166.html SuSE Security Announcement: SUSE-SA:2003:003 (Google Search) http://www.novell.com/linux/security/advisories/2003_003_mysql.html http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt XForce ISS Database: mysql-comtabledump-dos(10846) https://exchange.xforce.ibmcloud.com/vulnerabilities/10846 Common Vulnerability Exposure (CVE) ID: CVE-2002-1374 BugTraq ID: 6373 http://www.securityfocus.com/bid/6373 Bugtraq: 20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) (Google Search) http://marc.info/?l=bugtraq&m=104005886114500&w=2 En Garde Linux Advisory: ESA-20021213-033 http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html XForce ISS Database: mysql-comchangeuser-password-bypass(10847) https://exchange.xforce.ibmcloud.com/vulnerabilities/10847 Common Vulnerability Exposure (CVE) ID: CVE-2002-1375 BugTraq ID: 6375 http://www.securityfocus.com/bid/6375 XForce ISS Database: mysql-comchangeuser-password-bo(10848) https://exchange.xforce.ibmcloud.com/vulnerabilities/10848 Common Vulnerability Exposure (CVE) ID: CVE-2002-1376 BugTraq ID: 6370 http://www.securityfocus.com/bid/6370 BugTraq ID: 6374 http://www.securityfocus.com/bid/6374 Bugtraq: 20021215 GLSA: mysql (Google Search) Bugtraq: 20021219 TSLSA-2002-0086 - mysql (Google Search) http://marc.info/?l=bugtraq&m=104033188706000&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2002:087 XForce ISS Database: mysql-libmysqlclient-readonerow-bo(10850) https://exchange.xforce.ibmcloud.com/vulnerabilities/10850 XForce ISS Database: mysql-libmysqlclient-readrows-bo(10849) https://exchange.xforce.ibmcloud.com/vulnerabilities/10849
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com