
Test ID: 1.3.6.1.4.1.25623.1.0.54028
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2005:019 (mysql)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory SUSE-SA:2005:019.

MySQL is an Open Source database server, commonly used together with
web services provided by PHP scripts or similar.

This security update fixes a broken mysqlhotcopy script as well as
several security related bugs:

- CVE-2005-0709: MySQL allowed remote authenticated users with
INSERT and DELETE privileges to execute arbitrary code by using
CREATE FUNCTION to access libc calls, as demonstrated by using strcat,
on_exit, and exit.

- CVE-2005-0710: MySQL allowed remote authenticated users with
INSERT and DELETE privileges to bypass library path restrictions
and execute arbitrary libraries by using INSERT INTO to modify the
mysql.func table, which is processed by the udf_init function.

- CVE-2005-0711: MySQL used predictable file names when creating
temporary tables, which allowed local users with CREATE TEMPORARY
TABLE privileges to overwrite arbitrary files via a symlink attack.

The first two vulnerabilities can be exploited, for instance, by an
attacker who uses SQL injection against a flawed PHP application.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2005:019

Risk factor : Medium

CVSS Score:
4.6

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-0709
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
BugTraq ID: 12781
http://www.securityfocus.com/bid/12781
Bugtraq: 20050310 Mysql CREATE FUNCTION libc arbitrary code execution.
http://marc.info/?l=bugtraq&m=111066115808506&w=2
Debian Security Information: DSA-707
http://www.debian.org/security/2005/dsa-707
http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479
http://www.redhat.com/support/errata/RHSA-2005-334.html
http://www.redhat.com/support/errata/RHSA-2005-348.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
SuSE Security Announcement: SUSE-SA:2005:019
http://www.novell.com/linux/security/advisories/2005_19_mysql.html
http://www.trustix.org/errata/2005/0009/
https://usn.ubuntu.com/96-1/
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-0710
Bugtraq: 20050310 Mysql CREATE FUNCTION mysql.func table arbitrary library injection
http://marc.info/?l=bugtraq&m=111065974004648&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10180
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html
XForce ISS Database: mysql-udfinit-gain-access(19658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19658
Common Vulnerability Exposure (CVE) ID: CVE-2005-0711
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.