Conectiva Local Security Checks : Conectiva Security Advisory CLA-2001:421

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51583

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2001:421

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2001:421.

mod_auth_mysql is an authentication module for apache which
authenticates users against a MySQL database.
RUS-CERT[3] discovered a vulnerability[1][2] in several Apache
authentication modules which use SQL databases to retrieve user
information. This vulnerability allows a remote attacker to change
the query that the module sends to the SQL server and potentially
circumvent the authentication process.
The mysql_query() function, used by this module, does not allow
multiple commands do be sent to the server, that is, the

character is not allowed. This restricts this vulnerability somewhat,
since the attacker can no longer issue other commands besides the
SELECT one the module is already doing, but he/she can still mangle
this query and this should not be underestimated.
Additionally, this update also fixes a problem with this package
which wasn't linked against the MySQL libraries in previous releases.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2001:421
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002001

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51583
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2001:421
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2001:421. mod_auth_mysql is an authentication module for apache which authenticates users against a MySQL database. RUS-CERT[3] discovered a vulnerability[1][2] in several Apache authentication modules which use SQL databases to retrieve user information. This vulnerability allows a remote attacker to change the query that the module sends to the SQL server and potentially circumvent the authentication process. The mysql_query() function, used by this module, does not allow multiple commands do be sent to the server, that is, the character is not allowed. This restricts this vulnerability somewhat, since the attacker can no longer issue other commands besides the SELECT one the module is already doing, but he/she can still mangle this query and this should not be underestimated. Additionally, this update also fixes a problem with this package which wasn't linked against the MySQL libraries in previous releases. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2001:421 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002001 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com