Test ID:	1.3.6.1.4.1.25623.1.0.61315
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:150 (mysql)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mysql announced via advisory MDVSA-2008:150. Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code (CVE-2008-0226) or cause a denial of service via a special Hello packet (CVE-2008-0227). Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079). The updated packages have been patched to correct these issues. Affected: 2007.1, 2008.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:150 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0226 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 27140 http://www.securityfocus.com/bid/27140 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080104 Multiple vulnerabilities in yaSSL 1.7.5 (Google Search) http://www.securityfocus.com/archive/1/485810/100/0/threaded Bugtraq: 20080104 Pre-auth buffer-overflow in mySQL through yaSSL (Google Search) http://www.securityfocus.com/archive/1/485811/100/0/threaded Debian Security Information: DSA-1478 (Google Search) http://www.debian.org/security/2008/dsa-1478 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 http://secunia.com/advisories/28324 http://secunia.com/advisories/28419 http://secunia.com/advisories/28597 http://secunia.com/advisories/29443 http://secunia.com/advisories/32222 http://securityreason.com/securityalert/3531 http://www.ubuntu.com/usn/usn-588-1 http://www.vupen.com/english/advisories/2008/0560/references http://www.vupen.com/english/advisories/2008/2780 XForce ISS Database: yassl-inputbufferoperator-bo(39431) https://exchange.xforce.ibmcloud.com/vulnerabilities/39431 XForce ISS Database: yassl-processoldclienthello-bo(39429) https://exchange.xforce.ibmcloud.com/vulnerabilities/39429 Common Vulnerability Exposure (CVE) ID: CVE-2008-0227 XForce ISS Database: yassl-hashwithtransformupdate-dos(39433) https://exchange.xforce.ibmcloud.com/vulnerabilities/39433 Common Vulnerability Exposure (CVE) ID: CVE-2008-2079 1019995 http://www.securitytracker.com/id?1019995 29106 http://www.securityfocus.com/bid/29106 30134 http://secunia.com/advisories/30134 31066 http://secunia.com/advisories/31066 31226 http://secunia.com/advisories/31226 31681 31687 http://secunia.com/advisories/31687 32222 32769 http://secunia.com/advisories/32769 36566 http://secunia.com/advisories/36566 36701 http://secunia.com/advisories/36701 ADV-2008-1472 http://www.vupen.com/english/advisories/2008/1472/references ADV-2008-2780 APPLE-SA-2008-10-09 APPLE-SA-2009-09-10-2 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html DSA-1608 http://www.debian.org/security/2008/dsa-1608 MDVSA-2008:149 http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 MDVSA-2008:150 RHSA-2008:0505 http://www.redhat.com/support/errata/RHSA-2008-0505.html RHSA-2008:0510 http://www.redhat.com/support/errata/RHSA-2008-0510.html RHSA-2008:0768 http://www.redhat.com/support/errata/RHSA-2008-0768.html RHSA-2009:1289 http://www.redhat.com/support/errata/RHSA-2009-1289.html SUSE-SR:2008:017 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html USN-671-1 http://www.ubuntu.com/usn/USN-671-1 http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3865 mysql-myisam-security-bypass(42267) https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 oval:org.mitre.oval:def:10133 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.