Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:159 (mysql)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64461

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:159 (mysql)

Resumen: The remote host is missing an update to mysql;announced via advisory MDVSA-2009:159.

Descripción: Summary:
The remote host is missing an update to mysql
announced via advisory MDVSA-2009:159.

Vulnerability Insight:
A vulnerability has been found and corrected in mysql:

Multiple format string vulnerabilities in the dispatch_command function
in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow
remote authenticated users to cause a denial of service (daemon crash)
and possibly have unspecified other impact via format string specifiers
in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
NOTE: some of these details are obtained from third party information
(CVE-2009-2446).

This update provides fixes for this vulnerability.

Affected: 2008.1, 2009.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2446
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 35609
http://www.securityfocus.com/bid/35609
Bugtraq: 20090708 MySQL <= 5.0.45 post auth format string vulnerability (Google Search)
http://www.securityfocus.com/archive/1/504799/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:179
http://www.osvdb.org/55734
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://securitytracker.com/id?1022533
http://secunia.com/advisories/35767
http://secunia.com/advisories/36566
http://secunia.com/advisories/38517
http://www.ubuntu.com/usn/USN-1397-1
http://ubuntu.com/usn/usn-897-1
http://www.vupen.com/english/advisories/2009/1857
XForce ISS Database: mysql-dispatchcommand-format-string(51614)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51614

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64461
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:159 (mysql)
Resumen:	The remote host is missing an update to mysql;announced via advisory MDVSA-2009:159.
Descripción:	Summary: The remote host is missing an update to mysql announced via advisory MDVSA-2009:159. Vulnerability Insight: A vulnerability has been found and corrected in mysql: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information (CVE-2009-2446). This update provides fixes for this vulnerability. Affected: 2008.1, 2009.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2446 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 35609 http://www.securityfocus.com/bid/35609 Bugtraq: 20090708 MySQL <= 5.0.45 post auth format string vulnerability (Google Search) http://www.securityfocus.com/archive/1/504799/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:179 http://www.osvdb.org/55734 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857 http://www.redhat.com/support/errata/RHSA-2009-1289.html http://www.redhat.com/support/errata/RHSA-2010-0110.html http://securitytracker.com/id?1022533 http://secunia.com/advisories/35767 http://secunia.com/advisories/36566 http://secunia.com/advisories/38517 http://www.ubuntu.com/usn/USN-1397-1 http://ubuntu.com/usn/usn-897-1 http://www.vupen.com/english/advisories/2009/1857 XForce ISS Database: mysql-dispatchcommand-format-string(51614) https://exchange.xforce.ibmcloud.com/vulnerabilities/51614
Copyright	Copyright (C) 2009 E-Soft Inc.