
Test ID: 1.3.6.1.4.1.25623.1.0.60249
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:017 (mysql)
Summary: NOSUMMARY
Description:

The remote host is missing an update to mysql
announced via advisory MDVSA-2008:017.

MySQL 5.0.x did not update the DEFINER value of a view when the view
is altered, which allows remote authenticated users to gain privileges
via a sequence of statements including a CREATE SQL SECURITY DEFINER
VIEW statement and an ALTER VIEW statement (CVE-2007-6303).

The federated engine in MySQL 5.0.x, when performing a certain SHOW
TABLE STATUS query, did not properly handle a response with a small
number of columns, which could allow a remote MySQL server to cause
a denial of service (federated handler crash and daemon crash)
via a response that lacks the minimum required number of columns
(CVE-2007-6304).

The updated packages have been patched to correct these issues.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:017

Risk factor : Medium

CVSS Score:
5.0

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2007-6303
BugTraq ID: 26832
http://www.securityfocus.com/bid/26832
Bugtraq: 20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server
http://www.securityfocus.com/archive/1/487606/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html
http://security.gentoo.org/glsa/glsa-200804-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:017
http://www.redhat.com/support/errata/RHSA-2007-1157.html
http://securitytracker.com/id?1019085
http://secunia.com/advisories/28025
http://secunia.com/advisories/28063
http://secunia.com/advisories/28739
http://secunia.com/advisories/28838
http://secunia.com/advisories/29443
http://secunia.com/advisories/29706
SuSE Security Announcement: SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.ubuntu.com/usn/usn-588-1
http://www.vupen.com/english/advisories/2007/4198
XForce ISS Database: mysql-definer-value-privilege-escalation(38989)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38989
Common Vulnerability Exposure (CVE) ID: CVE-2007-6304
Debian Security Information: DSA-1451
http://www.debian.org/security/2008/dsa-1451
http://www.mandriva.com/security/advisories?name=MDVSA-2008:028
http://osvdb.org/42609
http://secunia.com/advisories/28128
http://secunia.com/advisories/28343
http://secunia.com/advisories/28637
https://usn.ubuntu.com/559-1/
XForce ISS Database: mysql-federated-engine-dos(38990)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38990
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
