ID de Prueba:	1.3.6.1.4.1.25623.1.0.52864
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2005-48 (MySQL)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to MySQL announced via advisory TLSA-2005-48. MySQL is a true multi-user, multi-threaded SQL database server. - The remote authenticated users with INSERT and DELETE privileges could allow to execute arbitrary code. - The MySQL allows local users to overwrite files via a symlink attack on temporary files. These vulerabilities could allow local users to overwrite arbitrary files via a symbolic link attack, and/or allow attackers to execute arbitrary code. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-48 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0709 101864 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 12781 http://www.securityfocus.com/bid/12781 2005-0009 http://www.trustix.org/errata/2005/0009/ 20050310 Mysql CREATE FUNCTION libc arbitrary code execution. http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html http://marc.info/?l=bugtraq&m=111066115808506&w=2 APPLE-SA-2005-08-15 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html APPLE-SA-2005-08-17 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html DSA-707 http://www.debian.org/security/2005/dsa-707 GLSA-200503-19 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml MDKSA-2005:060 http://www.mandriva.com/security/advisories?name=MDKSA-2005:060 RHSA-2005:334 http://www.redhat.com/support/errata/RHSA-2005-334.html RHSA-2005:348 http://www.redhat.com/support/errata/RHSA-2005-348.html SUSE-SA:2005:019 http://www.novell.com/linux/security/advisories/2005_19_mysql.html USN-96-1 https://usn.ubuntu.com/96-1/ oval:org.mitre.oval:def:10479 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479 Common Vulnerability Exposure (CVE) ID: CVE-2005-0710 20050310 Mysql CREATE FUNCTION mysql.func table arbitrary library injection http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html http://marc.info/?l=bugtraq&m=111065974004648&w=2 mysql-udfinit-gain-access(19658) https://exchange.xforce.ibmcloud.com/vulnerabilities/19658 oval:org.mitre.oval:def:10180 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10180 Common Vulnerability Exposure (CVE) ID: CVE-2005-0711 20050310 Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html oval:org.mitre.oval:def:9591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.