Test Kennung:	1.3.6.1.4.1.25623.1.0.56861
Kategorie:	Slackware Local Security Checks
Titel:	Slackware Advisory SSA:2006-155-01 mysql
Zusammenfassung:	The remote host is missing an update as announced;via advisory SSA:2006-155-01.
Beschreibung:	Summary: The remote host is missing an update as announced via advisory SSA:2006-155-01. Vulnerability Insight: New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2 and -current to fix security issues. The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1 may possibly leak sensitive information found in uninitialized memory to authenticated users. This is fixed in the new packages, and was already patched in Slackware 10.2 and -current. Since the vulnerabilities require a valid login and/or access to the database server, the risk is moderate. Slackware does not provide network access to a MySQL database by default. The MySQL packages in Slackware 10.2 and -current have been upgraded to MySQL 4.1.20 (Slackware 10.2) and MySQL 5.0.22 (Slackware -current) to fix an SQL injection vulnerability. Solution: Upgrade to the new package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1516 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 17780 http://www.securityfocus.com/bid/17780 Bugtraq: 20060502 MySQL Anonymous Login Handshake - Information Leakage. (Google Search) http://www.securityfocus.com/archive/1/432733/100/0/threaded Bugtraq: 20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage (Google Search) http://www.securityfocus.com/archive/1/434164/100/0/threaded Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-1071 (Google Search) http://www.debian.org/security/2006/dsa-1071 Debian Security Information: DSA-1073 (Google Search) http://www.debian.org/security/2006/dsa-1073 Debian Security Information: DSA-1079 (Google Search) http://www.debian.org/security/2006/dsa-1079 http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:084 http://www.wisec.it/vulns.php?page=7 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9918 http://www.redhat.com/support/errata/RHSA-2006-0544.html http://securitytracker.com/id?1016017 http://secunia.com/advisories/19929 http://secunia.com/advisories/20002 http://secunia.com/advisories/20073 http://secunia.com/advisories/20076 http://secunia.com/advisories/20223 http://secunia.com/advisories/20241 http://secunia.com/advisories/20253 http://secunia.com/advisories/20333 http://secunia.com/advisories/20424 http://secunia.com/advisories/20457 http://secunia.com/advisories/20625 http://secunia.com/advisories/20762 http://secunia.com/advisories/24479 http://secunia.com/advisories/29847 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377 http://securityreason.com/securityalert/840 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1 SuSE Security Announcement: SUSE-SA:2006:036 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html SuSE Security Announcement: SUSE-SR:2006:012 (Google Search) http://www.novell.com/linux/security/advisories/2006-06-02.html http://www.trustix.org/errata/2006/0028 https://usn.ubuntu.com/283-1/ http://www.vupen.com/english/advisories/2006/1633 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2008/1326/references XForce ISS Database: mysql-login-packet-info-disclosure(26236) https://exchange.xforce.ibmcloud.com/vulnerabilities/26236 Common Vulnerability Exposure (CVE) ID: CVE-2006-1517 Bugtraq: 20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution. (Google Search) http://www.securityfocus.com/archive/1/432734/100/0/threaded http://www.wisec.it/vulns.php?page=8 http://www.osvdb.org/25228 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11036 http://securitytracker.com/id?1016016 http://securityreason.com/securityalert/839 XForce ISS Database: mysql-sqlparcecc-information-disclosure(26228) https://exchange.xforce.ibmcloud.com/vulnerabilities/26228 Common Vulnerability Exposure (CVE) ID: CVE-2006-2753 BugTraq ID: 18219 http://www.securityfocus.com/bid/18219 Debian Security Information: DSA-1092 (Google Search) http://www.debian.org/security/2006/dsa-1092 http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:097 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10312 http://securitytracker.com/id?1016216 http://secunia.com/advisories/20365 http://secunia.com/advisories/20489 http://secunia.com/advisories/20531 http://secunia.com/advisories/20541 http://secunia.com/advisories/20562 http://secunia.com/advisories/20712 http://www.trustix.org/errata/2006/0034/ http://www.ubuntu.com/usn/usn-288-3 https://usn.ubuntu.com/303-1/ http://www.vupen.com/english/advisories/2006/2105 XForce ISS Database: mysql-ascii-sql-injection(26875) https://exchange.xforce.ibmcloud.com/vulnerabilities/26875
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.