 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.67435 |
| Categoría: | Mandrake Local Security Checks |
| Título: | Mandriva Security Advisory MDVSA-2010:107 (mysql) |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing an update to mysql announced via advisory MDVSA-2010:107. Multiple vulnerabilities has been found and corrected in mysql: The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table-level grants by providing a specially crafted table name argument to COM_FIELD_LIST (CVE-2010-1848). The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet CVE-2010-1849). The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code (CVE-2010-1850). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:107 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html Risk factor : High CVSS Score: 6.5 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1848 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:107 http://lists.mysql.com/commits/107532 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10258 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7210 http://www.redhat.com/support/errata/RHSA-2010-0442.html http://www.redhat.com/support/errata/RHSA-2010-0824.html http://securitytracker.com/id?1024031 SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SuSE Security Announcement: SUSE-SR:2010:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://www.ubuntu.com/usn/USN-1397-1 Common Vulnerability Exposure (CVE) ID: CVE-2010-1849 http://lists.mysql.com/commits/106060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7328 http://securitytracker.com/id?1024032 Common Vulnerability Exposure (CVE) ID: CVE-2010-1850 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10846 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6693 http://securitytracker.com/id?1024033 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |