ID de Prueba:	1.3.6.1.4.1.25623.1.0.51935
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:334
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:334. MySQL is a multi-user, multi-threaded SQL database server. This update fixes several security risks in the MySQL server. Stefano Di Paola discovered two bugs in the way MySQL handles user-defined functions. A user with the ability to create and execute a user defined function could potentially execute arbitrary code on the MySQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-0709 and CVE-2005-0710 to these issues. Stefano Di Paola also discovered a bug in the way MySQL creates temporary tables. A local user could create a specially crafted symlink which could result in the MySQL server overwriting a file which it has write access to. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0711 to this issue. All users of the MySQL server are advised to upgrade to these updated packages, which contain fixes for these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-334.html Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0709 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html BugTraq ID: 12781 http://www.securityfocus.com/bid/12781 Bugtraq: 20050310 Mysql CREATE FUNCTION libc arbitrary code execution. (Google Search) http://marc.info/?l=bugtraq&m=111066115808506&w=2 Debian Security Information: DSA-707 (Google Search) http://www.debian.org/security/2005/dsa-707 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479 http://www.redhat.com/support/errata/RHSA-2005-334.html http://www.redhat.com/support/errata/RHSA-2005-348.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 SuSE Security Announcement: SUSE-SA:2005:019 (Google Search) http://www.novell.com/linux/security/advisories/2005_19_mysql.html http://www.trustix.org/errata/2005/0009/ https://usn.ubuntu.com/96-1/ http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0710 Bugtraq: 20050310 Mysql CREATE FUNCTION mysql.func table arbitrary library injection (Google Search) http://marc.info/?l=bugtraq&m=111065974004648&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10180 http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html XForce ISS Database: mysql-udfinit-gain-access(19658) https://exchange.xforce.ibmcloud.com/vulnerabilities/19658 Common Vulnerability Exposure (CVE) ID: CVE-2005-0711 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591 http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.