
Test ID: 1.3.6.1.4.1.25623.1.0.62863
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0083
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2007:0083.

Several minor security issues were found in MySQL:

MySQL allowed remote authenticated users to create or access a database
when the database name differed only in case from a database for which they
had permissions. (CVE-2006-4226)

MySQL evaluated arguments in the wrong security context which allowed
remote authenticated users to gain privileges through a routine that had
been made available using GRANT EXECUTE. (CVE-2006-4227)

MySQL allowed a local user to access a table through a previously created
MERGE table, even after the user's privileges were revoked for the original
table, which might violate intended security policy. (CVE-2006-4031)

MySQL allowed authenticated users to cause a denial of service (crash) via
a NULL second argument to the str_to_date function. (CVE-2006-3081)

MySQL allowed local authenticated users to bypass logging mechanisms via
SQL queries that contain the NULL character, which were not properly
handled by the mysql_real_query function. (CVE-2006-0903)

Users of MySQL should upgrade to these updated packages, which resolve
these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0083.html
http://www.redhat.com/security/updates/classification/#low

Risk factor: High

CVSS Score: 6.5

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-0903
BugTraq ID: 16850
http://www.securityfocus.com/bid/16850
Debian Security Information: DSA-1071
http://www.debian.org/security/2006/dsa-1071
Debian Security Information: DSA-1073
http://www.debian.org/security/2006/dsa-1073
Debian Security Information: DSA-1079
http://www.debian.org/security/2006/dsa-1079
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:064
http://rst.void.ru/papers/advisory39.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9915
http://www.redhat.com/support/errata/RHSA-2006-0544.html
http://www.redhat.com/support/errata/RHSA-2007-0083.html
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://securitytracker.com/id?1015693
http://secunia.com/advisories/19034
http://secunia.com/advisories/19502
http://secunia.com/advisories/19814
http://secunia.com/advisories/20241
http://secunia.com/advisories/20253
http://secunia.com/advisories/20333
http://secunia.com/advisories/20625
http://secunia.com/advisories/30351
https://usn.ubuntu.com/274-1/
http://www.ubuntu.com/usn/usn-274-2
http://www.vupen.com/english/advisories/2006/0752
XForce ISS Database: mysql-query-log-bypass-security(24966)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24966
Common Vulnerability Exposure (CVE) ID: CVE-2006-3081
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
BugTraq ID: 18439
http://www.securityfocus.com/bid/18439
Bugtraq: 20060614 MySQL DoS
http://www.securityfocus.com/archive/1/437145
Bugtraq: 20060615 Re: MySQL DoS
http://www.securityfocus.com/archive/1/437277
http://www.securityfocus.com/archive/1/437571/100/0/threaded
Cert/CC Advisory: TA06-208A
http://www.us-cert.gov/cas/techalerts/TA06-208A.html
Cert/CC Advisory: TA07-072A
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Debian Security Information: DSA-1112
http://www.debian.org/security/2006/dsa-1112
http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9516
http://secunia.com/advisories/19929
http://secunia.com/advisories/20832
http://secunia.com/advisories/20871
http://secunia.com/advisories/24479
https://usn.ubuntu.com/306-1/
http://www.vupen.com/english/advisories/2007/0930
XForce ISS Database: mysql-select-dos(27212)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27212
Common Vulnerability Exposure (CVE) ID: CVE-2006-4031
BugTraq ID: 19279
http://www.securityfocus.com/bid/19279
http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
http://bugs.mysql.com/bug.php?id=15195
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
http://www.redhat.com/support/errata/RHSA-2008-0768.html
http://securitytracker.com/id?1016617
http://secunia.com/advisories/21259
http://secunia.com/advisories/21382
http://secunia.com/advisories/21627
http://secunia.com/advisories/21685
http://secunia.com/advisories/21770
http://secunia.com/advisories/22080
http://secunia.com/advisories/31226
SuSE Security Announcement: SUSE-SR:2006:023
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.ubuntu.com/usn/usn-338-1
http://www.vupen.com/english/advisories/2006/3079
Common Vulnerability Exposure (CVE) ID: CVE-2006-4226
BugTraq ID: 19559
http://www.securityfocus.com/bid/19559
Debian Security Information: DSA-1169
http://www.debian.org/security/2006/dsa-1169
http://bugs.mysql.com/bug.php?id=17647
http://lists.mysql.com/commits/5927
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10729
http://www.redhat.com/support/errata/RHSA-2007-0152.html
http://securitytracker.com/id?1016710
http://secunia.com/advisories/21506
http://secunia.com/advisories/21762
http://secunia.com/advisories/24744
http://www.vupen.com/english/advisories/2006/3306
XForce ISS Database: mysql-case-privilege-escalation(28448)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28448
Common Vulnerability Exposure (CVE) ID: CVE-2006-4227
http://lists.mysql.com/commits/7918
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10105
http://securitytracker.com/id?1016709
XForce ISS Database: mysql-grant-execute-privilege-escalation(28442)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28442
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.