ID de Prueba:	1.3.6.1.4.1.25623.1.0.59987
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:243 (MySQL)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to MySQL announced via advisory MDKSA-2007:243. A vulnerability in MySQL prior to 5.0.45 did not require priveliges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure (CVE-2007-3781). A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error (CVE-2007-5925). Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to (CVE-2007-5969). The updated packages have been patched to correct these issues. Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:243 Risk factor : High CVSS Score: 7.1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3781 BugTraq ID: 25017 http://www.securityfocus.com/bid/25017 Bugtraq: 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server (Google Search) http://www.securityfocus.com/archive/1/473874/100/0/threaded Debian Security Information: DSA-1451 (Google Search) http://www.debian.org/security/2008/dsa-1451 http://security.gentoo.org/glsa/glsa-200708-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 http://bugs.mysql.com/bug.php?id=25578 http://lists.mysql.com/announce/470 http://osvdb.org/37783 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195 http://www.redhat.com/support/errata/RHSA-2007-0894.html http://www.redhat.com/support/errata/RHSA-2008-0364.html http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/26498 http://secunia.com/advisories/26987 http://secunia.com/advisories/28040 http://secunia.com/advisories/28108 http://secunia.com/advisories/28128 http://secunia.com/advisories/28343 http://secunia.com/advisories/30351 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 https://usn.ubuntu.com/559-1/ Common Vulnerability Exposure (CVE) ID: CVE-2007-5925 BugTraq ID: 26353 http://www.securityfocus.com/bid/26353 Debian Security Information: DSA-1413 (Google Search) http://www.debian.org/security/2007/dsa-1413 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/067350.html http://security.gentoo.org/glsa/glsa-200711-25.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11390 http://www.redhat.com/support/errata/RHSA-2007-1155.html http://www.redhat.com/support/errata/RHSA-2007-1157.html http://www.securitytracker.com/id?1018978 http://secunia.com/advisories/27568 http://secunia.com/advisories/27649 http://secunia.com/advisories/27823 http://secunia.com/advisories/28025 http://secunia.com/advisories/28099 http://secunia.com/advisories/28838 SuSE Security Announcement: SUSE-SR:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://www.ubuntu.com/usn/USN-1397-1 http://www.vupen.com/english/advisories/2007/3903 XForce ISS Database: mysql-hainnodb-dos(38284) https://exchange.xforce.ibmcloud.com/vulnerabilities/38284 Common Vulnerability Exposure (CVE) ID: CVE-2007-5969 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 26765 http://www.securityfocus.com/bid/26765 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server (Google Search) http://www.securityfocus.com/archive/1/486477/100/0/threaded http://security.gentoo.org/glsa/glsa-200804-04.xml http://lists.mysql.com/announce/495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 http://www.securitytracker.com/id?1019060 http://secunia.com/advisories/27981 http://secunia.com/advisories/28063 http://secunia.com/advisories/28559 http://secunia.com/advisories/29706 http://secunia.com/advisories/32222 http://www.vupen.com/english/advisories/2007/4142 http://www.vupen.com/english/advisories/2007/4198 http://www.vupen.com/english/advisories/2008/0560/references http://www.vupen.com/english/advisories/2008/1000/references http://www.vupen.com/english/advisories/2008/2780
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.