ID de Prueba:	1.3.6.1.4.1.25623.1.0.68321
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:155-1 (mysql)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mysql announced via advisory MDVSA-2010:155-1. Multiple vulnerabilities has been found and corrected in mysql: MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory (CVE-2010-2008). Additionally many security issues noted in the 5.1.49 release notes has been addressed with this advisory as well, such as: * LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client-server protocol checking in debug servers sometimes was raised when it should not have been. (Bug#52512) (CVE-2010-3683) * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711) (CVE-2010-3682) * The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681) * A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug#54393) (CVE-2010-3679) * Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678) * Joins involving a table with with a unique SET column could cause a server crash. (Bug#54575) (CVE-2010-3677) * Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. (Bug#54044) (CVE-2010-3680) The updated packages have been patched to correct these issues. Update: Packages for 2009.1 was not provided with the MDVSA-2010:155 advisory. This advisory provides the missing packages. Affected: 2009.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:155-1 http://bugs.mysql.com/bug.php?id=52512 http://bugs.mysql.com/bug.php?id=52711 http://bugs.mysql.com/bug.php?id=54007 http://bugs.mysql.com/bug.php?id=54393 http://bugs.mysql.com/bug.php?id=54477 http://bugs.mysql.com/bug.php?id=54575 http://bugs.mysql.com/bug.php?id=54044 Risk factor : Medium CVSS Score: 4.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2008 BugTraq ID: 41198 http://www.securityfocus.com/bid/41198 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869 http://www.securitytracker.com/id?1024160 http://secunia.com/advisories/40333 http://secunia.com/advisories/40762 http://www.ubuntu.com/usn/USN-1017-1 http://www.ubuntu.com/usn/USN-1397-1 http://www.vupen.com/english/advisories/2010/1918 Common Vulnerability Exposure (CVE) ID: CVE-2010-3683 BugTraq ID: 42625 http://www.securityfocus.com/bid/42625 http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://www.openwall.com/lists/oss-security/2010/09/28/10 http://www.redhat.com/support/errata/RHSA-2011-0164.html http://secunia.com/advisories/42936 SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SuSE Security Announcement: SUSE-SR:2010:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://www.vupen.com/english/advisories/2011/0133 http://www.vupen.com/english/advisories/2011/0170 XForce ISS Database: mysql-ok-packet-dos(64683) https://exchange.xforce.ibmcloud.com/vulnerabilities/64683 Common Vulnerability Exposure (CVE) ID: CVE-2010-3682 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html BugTraq ID: 42599 http://www.securityfocus.com/bid/42599 Debian Security Information: DSA-2143 (Google Search) http://www.debian.org/security/2011/dsa-2143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://www.redhat.com/support/errata/RHSA-2010-0825.html http://secunia.com/advisories/42875 TurboLinux Advisory: TLSA-2011-3 http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt http://www.vupen.com/english/advisories/2011/0105 http://www.vupen.com/english/advisories/2011/0345 XForce ISS Database: mysql-itemsinglerowsubselect-dos(64684) https://exchange.xforce.ibmcloud.com/vulnerabilities/64684 Common Vulnerability Exposure (CVE) ID: CVE-2010-3681 BugTraq ID: 42633 http://www.securityfocus.com/bid/42633 http://www.redhat.com/support/errata/RHSA-2010-0824.html XForce ISS Database: mysql-handler-interface-dos(64685) https://exchange.xforce.ibmcloud.com/vulnerabilities/64685 Common Vulnerability Exposure (CVE) ID: CVE-2010-3679 BugTraq ID: 42638 http://www.securityfocus.com/bid/42638 XForce ISS Database: mysql-binlog-command-dos(64687) https://exchange.xforce.ibmcloud.com/vulnerabilities/64687 Common Vulnerability Exposure (CVE) ID: CVE-2010-3678 BugTraq ID: 42596 http://www.securityfocus.com/bid/42596 Common Vulnerability Exposure (CVE) ID: CVE-2010-3677 BugTraq ID: 42646 http://www.securityfocus.com/bid/42646 http://bugs.mysql.com/bug.php?id=54575 XForce ISS Database: mysql-setcolumn-dos(64688) https://exchange.xforce.ibmcloud.com/vulnerabilities/64688 Common Vulnerability Exposure (CVE) ID: CVE-2010-3680 BugTraq ID: 42598 http://www.securityfocus.com/bid/42598 XForce ISS Database: mysql-innodb-dos(64686) https://exchange.xforce.ibmcloud.com/vulnerabilities/64686
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.