ID de Prueba:	1.3.6.1.4.1.25623.1.0.58435
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:139 (MySQL)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to MySQL announced via advisory MDKSA-2007:139. MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. This issue does not affect MySQL 5.0.37 in Mandriva Linux 2007.1. (CVE-2007-1420) The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583) MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (CVE-2007-2691) Updated packages have been patched to prevent the above issues. Affected: 2007.0, 2007.1, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:139 Risk factor : Medium CVSS Score: 4.9
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1420 BugTraq ID: 22900 http://www.securityfocus.com/bid/22900 Bugtraq: 20070309 SEC Consult SA-20070309-0 :: MySQL 5 Single Row Subselect Denial of Service (Google Search) http://www.securityfocus.com/archive/1/462339/100/0/threaded http://security.gentoo.org/glsa/glsa-200705-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 http://www.sec-consult.com/284.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9530 http://www.redhat.com/support/errata/RHSA-2008-0364.html http://www.securitytracker.com/id?1017746 http://secunia.com/advisories/24483 http://secunia.com/advisories/24609 http://secunia.com/advisories/25196 http://secunia.com/advisories/25389 http://secunia.com/advisories/25946 http://secunia.com/advisories/30351 http://securityreason.com/securityalert/2413 http://www.ubuntu.com/usn/usn-440-1 http://www.vupen.com/english/advisories/2007/0908 Common Vulnerability Exposure (CVE) ID: CVE-2007-2583 BugTraq ID: 23911 http://www.securityfocus.com/bid/23911 Debian Security Information: DSA-1413 (Google Search) http://www.debian.org/security/2007/dsa-1413 http://www.exploit-db.com/exploits/30020 http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html http://www.osvdb.org/34734 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9930 http://secunia.com/advisories/25188 http://secunia.com/advisories/25255 http://secunia.com/advisories/27155 http://secunia.com/advisories/27823 http://secunia.com/advisories/28838 SuSE Security Announcement: SUSE-SR:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://www.trustix.org/errata/2007/0017/ https://usn.ubuntu.com/528-1/ http://www.vupen.com/english/advisories/2007/1731 XForce ISS Database: mysql-if-dos(34232) https://exchange.xforce.ibmcloud.com/vulnerabilities/34232 Common Vulnerability Exposure (CVE) ID: CVE-2007-2691 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 24016 http://www.securityfocus.com/bid/24016 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server (Google Search) http://www.securityfocus.com/archive/1/473874/100/0/threaded http://bugs.mysql.com/bug.php?id=27515 http://lists.mysql.com/announce/470 http://osvdb.org/34766 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 http://www.redhat.com/support/errata/RHSA-2007-0894.html http://www.redhat.com/support/errata/RHSA-2008-0768.html http://www.securitytracker.com/id?1018069 http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/31226 http://secunia.com/advisories/32222 http://www.vupen.com/english/advisories/2007/1804 http://www.vupen.com/english/advisories/2008/2780 XForce ISS Database: mysql-renametable-weak-security(34347) https://exchange.xforce.ibmcloud.com/vulnerabilities/34347
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.