ID de Prueba:	1.3.6.1.4.1.25623.1.0.52839
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2005-23 (MySQL)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to MySQL announced via advisory TLSA-2005-23. MySQL is a true multi-user, multi-threaded SQL database server. Multiple vulnerabilities have been discovered in MySQL: - A vulnerability exists MySQL's temporary file handling. - MySQL checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation this could allow attackers unauthorized access. - A buffer overflow exists in MySQL's mysql_real_connect function. - MySQL allows attackers to cause a denial of service via multiple threads that simultaneously alter MERGE table UNIONs. - A local user is granted privileges to a database with a name containing an underscore (_). These vulnerabilities could allow attackers to overwrite arbitrary files via a symbolic link attack, and/or allow users to circumvent certain database access controls. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-23 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0381 BugTraq ID: 9976 http://www.securityfocus.com/bid/9976 Bugtraq: 20040324 mysqlbug tmpfile/symlink vulnerability. (Google Search) http://marc.info/?l=bugtraq&m=108023246916294&w=2 Bugtraq: 20040414 [OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql) (Google Search) http://marc.info/?l=bugtraq&m=108206802810402&w=2 Computer Incident Advisory Center Bulletin: P-018 http://www.ciac.org/ciac/bulletins/p-018.shtml Debian Security Information: DSA-483 (Google Search) http://www.debian.org/security/2004/dsa-483 http://security.gentoo.org/glsa/glsa-200405-20.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11557 http://www.redhat.com/support/errata/RHSA-2004-569.html http://www.redhat.com/support/errata/RHSA-2004-597.html XForce ISS Database: mysql-mysqlbug-symlink(15617) https://exchange.xforce.ibmcloud.com/vulnerabilities/15617 Common Vulnerability Exposure (CVE) ID: CVE-2004-0388 BugTraq ID: 10142 http://www.securityfocus.com/bid/10142 http://www.osvdb.org/6421 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10559 http://securitytracker.com/id?1009784 http://secunia.com/advisories/11223/ XForce ISS Database: mysql-mysqldmulti-symlink(15883) https://exchange.xforce.ibmcloud.com/vulnerabilities/15883 Common Vulnerability Exposure (CVE) ID: CVE-2004-0457 Debian Security Information: DSA-540 (Google Search) http://www.debian.org/security/2004/dsa-540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10693 XForce ISS Database: mysql-mysqlhotcopy-insecure-file(17030) https://exchange.xforce.ibmcloud.com/vulnerabilities/17030 Common Vulnerability Exposure (CVE) ID: CVE-2004-0835 BugTraq ID: 11357 http://www.securityfocus.com/bid/11357 Conectiva Linux advisory: CLA-2004:892 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 Debian Security Information: DSA-562 (Google Search) http://www.debian.org/security/2004/dsa-562 http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml http://bugs.mysql.com/bug.php?id=3270 http://lists.mysql.com/internals/13073 http://www.redhat.com/support/errata/RHSA-2004-611.html http://securitytracker.com/id?1011606 http://secunia.com/advisories/12783/ http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.trustix.org/errata/2004/0054/ XForce ISS Database: mysql-alter-restriction-bypass(17666) https://exchange.xforce.ibmcloud.com/vulnerabilities/17666 Common Vulnerability Exposure (CVE) ID: CVE-2004-0836 BugTraq ID: 10981 http://www.securityfocus.com/bid/10981 Bugtraq: 20041125 [USN-32-1] mysql vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110140517515735&w=2 http://bugs.mysql.com/bug.php?id=4017 http://lists.mysql.com/internals/14726 http://secunia.com/advisories/12305/ XForce ISS Database: mysql-realconnect-bo(17047) https://exchange.xforce.ibmcloud.com/vulnerabilities/17047 Common Vulnerability Exposure (CVE) ID: CVE-2004-0837 http://bugs.mysql.com/2408 http://lists.mysql.com/internals/16168 http://lists.mysql.com/internals/16173 http://lists.mysql.com/internals/16174 http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15 XForce ISS Database: mysql-union-dos(17667) https://exchange.xforce.ibmcloud.com/vulnerabilities/17667 Common Vulnerability Exposure (CVE) ID: CVE-2004-0957 Conectiva Linux advisory: CLA-2005:947 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 Debian Security Information: DSA-707 (Google Search) http://www.debian.org/security/2005/dsa-707 http://www.mandriva.com/security/advisories?name=MDKSA-2005:070 https://www.ubuntu.com/usn/usn-32-1/ XForce ISS Database: mysql-underscore-gain-priv(17783) https://exchange.xforce.ibmcloud.com/vulnerabilities/17783
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.