Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title MySQL vulnerabilities
Informations
NameUSN-1397-1First vendor Publication2012-03-12
VendorUbuntuLast vendor Modification2012-03-12
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score8.5Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score6.8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description: - mysql-5.1: MySQL database - mysql-dfsg-5.1: MySQL database - mysql-dfsg-5.0: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
mysql-server-5.1 5.1.61-0ubuntu0.11.10.1

Ubuntu 11.04:
mysql-server-5.1 5.1.61-0ubuntu0.11.04.1

Ubuntu 10.10:
mysql-server-5.1 5.1.61-0ubuntu0.10.10.1

Ubuntu 10.04 LTS:
mysql-server-5.1 5.1.61-0ubuntu0.10.04.1

Ubuntu 8.04 LTS:
mysql-server-5.0 5.0.95-0ubuntu1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1397-1
CVE-2007-5925, CVE-2008-3963, CVE-2008-4098, CVE-2008-4456,
CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030,
CVE-2009-4484, CVE-2010-1621, CVE-2010-1626, CVE-2010-1848,
CVE-2010-1849, CVE-2010-1850, CVE-2010-2008, CVE-2010-3677,
CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681,
CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3834,
CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838,
CVE-2010-3839, CVE-2010-3840, CVE-2011-2262, CVE-2012-0075,
CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112,
CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116,

Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.1/5.1.61-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/mysql-5.1/5.1.61-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/mysql-5.1/5.1.61-0ubuntu0.10.10.1
https://launchpad.net/ubuntu/+source/mysql-dfsg-5.1/5.1.61-0ubuntu0.10.04.1
https://launchpad.net/ubuntu/+source/mysql-dfsg-5.0/5.0.95-0ubuntu1

Original Source

Url : http://www.ubuntu.com/usn/USN-1397-1

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors
CWE-59Improper Link Resolution Before File Access ('Link Following')
CWE-264Permissions, Privileges, and Access Controls
CWE-134Uncontrolled Format String (CWE/SANS Top 25)
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-20Improper Input Validation
CWE-189Numeric Errors (CWE/SANS Top 25)
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20366
 
Oval ID: oval:org.mitre.oval:def:20366
Title: DSA-1413-1 mysql - multiple
Description: Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorised database modifications to remotely triggered server crashes.
Family: unix Class: patch
Reference(s): DSA-1413-1
CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3780
CVE-2007-3782
CVE-2007-5925
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11390
 
Oval ID: oval:org.mitre.oval:def:11390
Title: The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Description: The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5925
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21851
 
Oval ID: oval:org.mitre.oval:def:21851
Title: ELSA-2007:1155: mysql security update (Important)
Description: MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Family: unix Class: patch
Reference(s): ELSA-2007:1155-01
CVE-2007-5969
CVE-2007-5925
Version: 13
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16963
 
Oval ID: oval:org.mitre.oval:def:16963
Title: USN-671-1 -- mysql-dfsg-5.0 vulnerabilities
Description: It was discovered that MySQL could be made to overwrite existing table files in the data directory.
Family: unix Class: patch
Reference(s): USN-671-1
CVE-2008-2079
CVE-2008-4097
CVE-2008-4098
CVE-2008-3963
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10521
 
Oval ID: oval:org.mitre.oval:def:10521
Title: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
Description: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3963
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10591
 
Oval ID: oval:org.mitre.oval:def:10591
Title: MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Description: MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4098
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7877
 
Oval ID: oval:org.mitre.oval:def:7877
Title: DSA-1783 mysql-dfsg-5.0 -- multiple vulnerabilities
Description: Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application. The Common Vulnerabilities and Exposures project identifies the following two problems: Kay Roepke reported that the MySQL server would not properly handle an empty bit-string literal in an SQL statement, allowing an authenticated remote attacker to cause a denial of service (a crash) in mysqld. This issue affects the oldstable distribution (etch), but not the stable distribution (lenny). Thomas Henlich reported that the MySQL commandline client application did not encode HTML special characters when run in HTML output mode (that is, "mysql --html ..."). This could potentially lead to cross-site scripting or unintended script privilege escalation if the resulting output is viewed in a browser or incorporated into a web site.
Family: unix Class: patch
Reference(s): DSA-1783
CVE-2008-3963
CVE-2008-4456
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20178
 
Oval ID: oval:org.mitre.oval:def:20178
Title: DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities
Description: Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application.
Family: unix Class: patch
Reference(s): DSA-1783-1
CVE-2008-3963
CVE-2008-4456
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11456
 
Oval ID: oval:org.mitre.oval:def:11456
Title: Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Description: Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4456
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7905
 
Oval ID: oval:org.mitre.oval:def:7905
Title: DSA-1877 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code
Description: In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.
Family: unix Class: patch
Reference(s): DSA-1877
CVE-2009-2446
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12751
 
Oval ID: oval:org.mitre.oval:def:12751
Title: DSA-1877-1 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code
Description: In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. For the stable distribution, this problem has been fixed in version 5.0.51a-24+lenny2. For the old stable distribution, this problem has been fixed in version 5.0.32-7etch11. We recommend that you upgrade your mysql packages.
Family: unix Class: patch
Reference(s): DSA-1877-1
CVE-2009-2446
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11857
 
Oval ID: oval:org.mitre.oval:def:11857
Title: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Description: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2446
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22888
 
Oval ID: oval:org.mitre.oval:def:22888
Title: ELSA-2009:1289: mysql security and bug fix update (Moderate)
Description: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): ELSA-2009:1289-02
CVE-2008-2079
CVE-2008-3963
CVE-2008-4456
CVE-2009-2446
Version: 21
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8500
 
Oval ID: oval:org.mitre.oval:def:8500
Title: MySQL 5.0 and 5.1 SELECT Statement DOS Vulnerability
Description: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Family: windows Class: vulnerability
Reference(s): CVE-2009-4019
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Product(s): MySQL Server 5.0
MySQL Server 5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11349
 
Oval ID: oval:org.mitre.oval:def:11349
Title: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Description: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4019
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8156
 
Oval ID: oval:org.mitre.oval:def:8156
Title: MySQL 5.1 Privilege Bypass with DATA/INDEX DIRECTORY
Description: MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Family: windows Class: vulnerability
Reference(s): CVE-2009-4030
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Product(s): MySQL Server 5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21419
 
Oval ID: oval:org.mitre.oval:def:21419
Title: RHSA-2010:0109: mysql security update (Moderate)
Description: MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Family: unix Class: patch
Reference(s): RHSA-2010:0109-01
CESA-2010:0109
CVE-2009-4019
CVE-2009-4028
CVE-2009-4030
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11116
 
Oval ID: oval:org.mitre.oval:def:11116
Title: MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Description: MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4030
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22758
 
Oval ID: oval:org.mitre.oval:def:22758
Title: ELSA-2010:0109: mysql security update (Moderate)
Description: MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Family: unix Class: patch
Reference(s): ELSA-2010:0109-01
CVE-2009-4019
CVE-2009-4028
CVE-2009-4030
Version: 17
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6799
 
Oval ID: oval:org.mitre.oval:def:6799
Title: DSA-1997 mysql-dfsg-5.0 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service via a crafted statement. Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory. Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service by establishing an SSL connection and sending an X.509 client certificate with a crafted name field.
Family: unix Class: patch
Reference(s): DSA-1997
CVE-2009-4019
CVE-2009-4030
CVE-2009-4484
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20084
 
Oval ID: oval:org.mitre.oval:def:20084
Title: DSA-1997-1 mysql-dfsg-5.0 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the MySQL database server.
Family: unix Class: patch
Reference(s): DSA-1997-1
CVE-2009-4019
CVE-2009-4030
CVE-2009-4484
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13088
 
Oval ID: oval:org.mitre.oval:def:13088
Title: USN-897-1 -- mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
Description: It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This issue only affected Ubuntu 8.10. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. An attacker could place arbitrary web script or html in a database cell, which would then get placed in the html document output by the command-line tool. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use symlinks combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This issue only affected Ubuntu 9.10. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. An authenticated user could use specially crafted database names to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks to create tables that pointed to tables known to be created at a later time, bypassing access restrictions. It was discovered that MySQL contained a buffer overflow when parsing ssl certificates. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 LTS and the default compiler options for affected releases should reduce the vulnerability to a denial of service. In the default installation, attackers would also be isolated by the AppArmor MySQL profile
Family: unix Class: patch
Reference(s): USN-897-1
CVE-2008-4098
CVE-2008-4456
CVE-2008-7247
CVE-2009-2446
CVE-2009-4019
CVE-2009-4030
CVE-2009-4484
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): mysql-dfsg-5.0
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9490
 
Oval ID: oval:org.mitre.oval:def:9490
Title: MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
Description: MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1626
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7210
 
Oval ID: oval:org.mitre.oval:def:7210
Title: Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
Description: Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1848
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Product(s): MySQL Server 5.0
MySQL Server 5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10258
 
Oval ID: oval:org.mitre.oval:def:10258
Title: Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
Description: Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1848
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7328
 
Oval ID: oval:org.mitre.oval:def:7328
Title: Oracle MySQL Malformed Packet Handling Remote Denial of Service Vulnerability
Description: The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1849
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Product(s): MySQL Server 5.0
MySQL Server 5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6693
 
Oval ID: oval:org.mitre.oval:def:6693
Title: Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
Description: Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1850
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Product(s): MySQL Server 5.0
MySQL Server 5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22134
 
Oval ID: oval:org.mitre.oval:def:22134
Title: RHSA-2010:0442: mysql security update (Important)
Description: Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
Family: unix Class: patch
Reference(s): RHSA-2010:0442-01
CESA-2010:0442
CVE-2010-1626
CVE-2010-1848
CVE-2010-1850
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13286
 
Oval ID: oval:org.mitre.oval:def:13286
Title: DSA-2057-1 mysql-dfsg-5.0 -- several
Description: Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1626 MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. CVE-2010-1848 MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. CVE-2010-1849 MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. CVE-2010-1850 MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. For the stable distribution, these problems have been fixed in version 5.0.51a-24+lenny4 The testing and unstable distribution do not contain mysql-dfsg-5.0 anymore. We recommend that you upgrade your mysql-dfsg-5.0 package.
Family: unix Class: patch
Reference(s): DSA-2057-1
CVE-2010-1626
CVE-2010-1848
CVE-2010-1849
CVE-2010-1850
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12968
 
Oval ID: oval:org.mitre.oval:def:12968
Title: USN-950-1 -- mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
Description: It was discovered that MySQL did not check privileges before uninstalling plugins. An authenticated user could uninstall arbitrary plugins, bypassing intended restrictions. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL could be made to delete another user�s data and index files. An authenticated user could use symlinks combined with the DROP TABLE command to possibly bypass privilege checks. It was discovered that MySQL incorrectly validated the table name argument of the COM_FIELD_LIST command. An authenticated user could use a specially- crafted table name to bypass privilege checks and possibly access other tables. Eric Day discovered that MySQL incorrectly handled certain network packets. A remote attacker could exploit this flaw and cause the server to consume all available resources, resulting in a denial of service. It was discovered that MySQL performed incorrect bounds checking on the table name argument of the COM_FIELD_LIST command. An authenticated user could use a specially-crafted table name to cause a denial of service or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service
Family: unix Class: patch
Reference(s): USN-950-1
CVE-2010-1621
CVE-2010-1626
CVE-2010-1848
CVE-2010-1849
CVE-2010-1850
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): mysql-dfsg-5.0
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11765
 
Oval ID: oval:org.mitre.oval:def:11765
Title: DSA-2057 mysql-dfsg-5.0 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code.
Family: unix Class: patch
Reference(s): DSA-2057
CVE-2010-1626
CVE-2010-1848
CVE-2010-1849
CVE-2010-1850
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10846
 
Oval ID: oval:org.mitre.oval:def:10846
Title: Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
Description: Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1850
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23130
 
Oval ID: oval:org.mitre.oval:def:23130
Title: ELSA-2010:0442: mysql security update (Important)
Description: Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
Family: unix Class: patch
Reference(s): ELSA-2010:0442-01
CVE-2010-1626
CVE-2010-1848
CVE-2010-1850
Version: 17
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11869
 
Oval ID: oval:org.mitre.oval:def:11869
Title: Oracle MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability
Description: MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2008
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Product(s): MySQL Server 5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22337
 
Oval ID: oval:org.mitre.oval:def:22337
Title: RHSA-2010:0825: mysql security update (Moderate)
Description: The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Family: unix Class: patch
Reference(s): RHSA-2010:0825-01
CESA-2010:0825
CVE-2010-3677
CVE-2010-3680
CVE-2010-3681
CVE-2010-3682
CVE-2010-3833
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838
CVE-2010-3839
CVE-2010-3840
Version: 146
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21911
 
Oval ID: oval:org.mitre.oval:def:21911
Title: RHSA-2011:0164: mysql security update (Moderate)
Description: The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Family: unix Class: patch
Reference(s): RHSA-2011:0164-01
CVE-2010-3677
CVE-2010-3678
CVE-2010-3679
CVE-2010-3680
CVE-2010-3681
CVE-2010-3682
CVE-2010-3683
CVE-2010-3833
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838
CVE-2010-3839
CVE-2010-3840
Version: 185
Platform(s): Red Hat Enterprise Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13602
 
Oval ID: oval:org.mitre.oval:def:13602
Title: USN-1017-1 -- mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
Description: It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled joins involving a table with a unique SET column. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled NULL arguments to IN or CASE operations. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled malformed arguments to the BINLOG statement. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled the use of TEMPORARY InnoDB tables with nullable columns. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled alternate reads from two indexes on a table using the HANDLER interface. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled error reporting when using LOAD DATA INFILE and would incorrectly raise an assert in certain circumstances. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled using GROUP_CONCAT and WITH ROLLUP together. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST or LEAST functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled queries with nested joins when used from stored procedures and prepared statements. An authenticated user could exploit this to make MySQL hang, causing a denial of service. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service
Family: unix Class: patch
Reference(s): USN-1017-1
CVE-2010-2008
CVE-2010-3677
CVE-2010-3678
CVE-2010-3679
CVE-2010-3680
CVE-2010-3681
CVE-2010-3682
CVE-2010-3683
CVE-2010-3833
CVE-2010-3834
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838
CVE-2010-3839
CVE-2010-3840
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): mysql-5.1
mysql-dfsg-5.0
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12161
 
Oval ID: oval:org.mitre.oval:def:12161
Title: DSA-2143-1 mysql-dfsg-5.0 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3677 It was discovered that MySQL allows remote authenticated users to cause a denial of service via a join query that uses a table with a unique SET column. CVE-2010-3680 It was discovered that MySQL allows remote authenticated users to cause a denial of service by creating temporary tables while using InnoDB, which triggers an assertion failure. CVE-2010-3681 It was discovered that MySQL allows remote authenticated users to cause a denial of service by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. CVE-2010-3682 It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could crash the server. CVE-2010-3833 It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could crash the server. CVE-2010-3834 It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could crash the server. CVE-2010-3835 It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could crash the server. CVE-2010-3836 It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could crash the server. CVE-2010-3837 It was discovered that MySQL incorrectly handled using GROUP_CONCAT and WITH ROLLUP together. An authenticated user could crash the server. CVE-2010-3838 It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST or LEAST functions. An authenticated user could crash the server. CVE-2010-3840 It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB function. An authenticated user could crash the server.
Family: unix Class: patch
Reference(s): DSA-2143-1
CVE-2010-3677
CVE-2010-3680
CVE-2010-3681
CVE-2010-3682
CVE-2010-3833
CVE-2010-3834
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838
CVE-2010-3840
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23210
 
Oval ID: oval:org.mitre.oval:def:23210
Title: ELSA-2010:0825: mysql security update (Moderate)
Description: The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Family: unix Class: patch
Reference(s): ELSA-2010:0825-01
CVE-2010-3677
CVE-2010-3680
CVE-2010-3681
CVE-2010-3682
CVE-2010-3833
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838
CVE-2010-3839
CVE-2010-3840
Version: 49
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22961
 
Oval ID: oval:org.mitre.oval:def:22961
Title: ELSA-2011:0164: mysql security update (Moderate)
Description: The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Family: unix Class: patch
Reference(s): ELSA-2011:0164-01
CVE-2010-3677
CVE-2010-3678
CVE-2010-3679
CVE-2010-3680
CVE-2010-3681
CVE-2010-3682
CVE-2010-3683
CVE-2010-3833
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838
CVE-2010-3839
CVE-2010-3840
Version: 61
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application331
Application45

OpenVAS Exploits

DateDescription
2012-07-30Name : CentOS Update for mysql CESA-2012:0105 centos6
File : nvt/gb_CESA-2012_0105_mysql_centos6.nasl
2012-07-30Name : CentOS Update for mysql CESA-2012:0127 centos5
File : nvt/gb_CESA-2012_0127_mysql_centos5.nasl
2012-07-09Name : RedHat Update for mysql RHSA-2012:0105-01
File : nvt/gb_RHSA-2012_0105-01_mysql.nasl
2012-06-05Name : RedHat Update for mysql RHSA-2011:0164-01
File : nvt/gb_RHSA-2011_0164-01_mysql.nasl
2012-04-30Name : Debian Security Advisory DSA 2429-1 (mysql-5.1)
File : nvt/deb_2429_1.nasl
2012-04-02Name : Fedora Update for mysql FEDORA-2012-0972
File : nvt/gb_fedora_2012_0972_mysql_fc16.nasl
2012-03-16Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl
2012-02-21Name : RedHat Update for mysql RHSA-2012:0127-01
File : nvt/gb_RHSA-2012_0127-01_mysql.nasl
2012-02-13Name : Fedora Update for mysql FEDORA-2012-0987
File : nvt/gb_fedora_2012_0987_mysql_fc15.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201201-02 (MySQL)
File : nvt/glsa_201201_02.nasl
2011-09-07Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-08-19Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004)
File : nvt/secpod_macosx_su11-004.nasl
2011-08-09Name : CentOS Update for mysql CESA-2010:0109 centos5 i386
File : nvt/gb_CESA-2010_0109_mysql_centos5_i386.nasl
2011-08-09Name : CentOS Update for mysql CESA-2010:0442 centos5 i386
File : nvt/gb_CESA-2010_0442_mysql_centos5_i386.nasl
2011-08-09Name : CentOS Update for mysql CESA-2009:1289 centos5 i386
File : nvt/gb_CESA-2009_1289_mysql_centos5_i386.nasl
2011-01-21Name : MySQL 'Gis_line_string::init_from_wkb()' DOS Vulnerability
File : nvt/gb_mysql_gis_line_string_dos_vuln.nasl
2011-01-21Name : MySQL Denial of Service (infinite loop) Vulnerabilities
File : nvt/gb_mysql_infinite_loop_dos_vuln.nasl
2011-01-21Name : MySQL Multiple Denial of Service Vulnerabilities
File : nvt/gb_mysql_mult_dos_vuln_jan11.nasl
2011-01-21Name : Mandriva Update for mysql MDVSA-2011:012 (mysql)
File : nvt/gb_mandriva_MDVSA_2011_012.nasl
2011-01-18Name : MySQL Handler Multiple Denial Of Service Vulnerabilities
File : nvt/gb_mysql_handler_mult_dos_vuln.nasl
2011-01-18Name : MySQL Multiple Denial Of Service Vulnerabilities
File : nvt/gb_mysql_mult_dos_vuln.nasl
2011-01-18Name : MySQL Mysqld Multiple Denial Of Service Vulnerabilities
File : nvt/gb_mysql_mysqld_mult_dos_vuln.nasl
2010-12-02Name : Fedora Update for mysql FEDORA-2010-15147
File : nvt/gb_fedora_2010_15147_mysql_fc14.nasl
2010-11-16Name : Ubuntu Update for MySQL vulnerabilities USN-1017-1
File : nvt/gb_ubuntu_USN_1017_1.nasl
2010-11-16Name : RedHat Update for mysql RHSA-2010:0824-01
File : nvt/gb_RHSA-2010_0824-01_mysql.nasl
2010-11-16Name : RedHat Update for mysql RHSA-2010:0825-01
File : nvt/gb_RHSA-2010_0825-01_mysql.nasl
2010-11-16Name : Mandriva Update for mysql MDVSA-2010:155-1 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_155_1.nasl
2010-11-16Name : Mandriva Update for mysql MDVSA-2010:222 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_222.nasl
2010-11-16Name : Mandriva Update for mysql MDVSA-2010:223 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_223.nasl
2010-11-16Name : CentOS Update for mysql CESA-2010:0824 centos4 i386
File : nvt/gb_CESA-2010_0824_mysql_centos4_i386.nasl
2010-11-10Name : Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
File : nvt/gb_mysql_43676.nasl
2010-10-19Name : Fedora Update for mysql FEDORA-2010-15166
File : nvt/gb_fedora_2010_15166_mysql_fc13.nasl
2010-09-07Name : Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
File : nvt/gb_mysql_5_1_49.nasl
2010-08-30Name : Oracle MySQL 'TEMPORARY InnoDB' Tables Denial Of Service Vulnerability
File : nvt/gb_mysql_42598.nasl
2010-08-24Name : Mandriva Update for mysql MDVSA-2010:155 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_155.nasl
2010-08-06Name : Fedora Update for mysql FEDORA-2010-11126
File : nvt/gb_fedora_2010_11126_mysql_fc12.nasl
2010-07-30Name : Fedora Update for mysql FEDORA-2010-11135
File : nvt/gb_fedora_2010_11135_mysql_fc13.nasl
2010-07-19Name : MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability
File : nvt/gb_mysql_databse_dos_vuln.nasl
2010-06-11Name : MySQL Multiple Vulnerabilities
File : nvt/gb_mysql_mult_vuln.nasl
2010-06-11Name : Fedora Update for mysql FEDORA-2010-9016
File : nvt/gb_fedora_2010_9016_mysql_fc13.nasl
2010-06-11Name : Fedora Update for mysql FEDORA-2010-9053
File : nvt/gb_fedora_2010_9053_mysql_fc12.nasl
2010-06-11Name : Fedora Update for mysql FEDORA-2010-9061
File : nvt/gb_fedora_2010_9061_mysql_fc11.nasl
2010-06-11Name : Ubuntu Update for MySQL vulnerabilities USN-950-1
File : nvt/gb_ubuntu_USN_950_1.nasl
2010-06-10Name : Debian Security Advisory DSA 2057-1 (mysql-dfsg-5.0)
File : nvt/deb_2057_1.nasl
2010-05-28Name : Mandriva Update for mysql MDVSA-2010:101 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_101.nasl
2010-05-28Name : Mandriva Update for mysql MDVSA-2010:107 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_107.nasl
2010-05-28Name : RedHat Update for mysql RHSA-2010:0442-01
File : nvt/gb_RHSA-2010_0442-01_mysql.nasl
2010-05-27Name : MySQL < 5.1.47 Multiple Vulnerabilities
File : nvt/gb_mysql_5_1_47.nasl
2010-05-19Name : Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
File : nvt/gb_mysql_40106.nasl
2010-05-17Name : Fedora Update for mysql FEDORA-2010-7355
File : nvt/gb_fedora_2010_7355_mysql_fc11.nasl
2010-05-17Name : Fedora Update for mysql FEDORA-2010-7414
File : nvt/gb_fedora_2010_7414_mysql_fc12.nasl
2010-05-17Name : Mandriva Update for mysql MDVSA-2010:093 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_093.nasl
2010-05-12Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-04-20Name : MySQL UNINSTALL PLUGIN Security Bypass Vulnerability
File : nvt/gb_mysql_39543.nasl
2010-03-22Name : Mandriva Update for timezone MDVA-2010:101 (timezone)
File : nvt/gb_mandriva_MDVA_2010_101.nasl
2010-03-22Name : Mandriva Update for pulseaudio MDVA-2010:107 (pulseaudio)
File : nvt/gb_mandriva_MDVA_2010_107.nasl
2010-03-12Name : Mandriva Update for mdkonline MDVA-2010:093 (mdkonline)
File : nvt/gb_mandriva_MDVA_2010_093.nasl
2010-03-02Name : Fedora Update for mysql FEDORA-2010-1300
File : nvt/gb_fedora_2010_1300_mysql_fc11.nasl
2010-03-02Name : Fedora Update for mysql FEDORA-2010-1348
File : nvt/gb_fedora_2010_1348_mysql_fc12.nasl
2010-02-22Name : Mandriva Update for mysql MDVSA-2010:044 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_044.nasl
2010-02-19Name : CentOS Update for mysql CESA-2010:0110 centos4 i386
File : nvt/gb_CESA-2010_0110_mysql_centos4_i386.nasl
2010-02-19Name : RedHat Update for mysql RHSA-2010:0109-01
File : nvt/gb_RHSA-2010_0109-01_mysql.nasl
2010-02-19Name : RedHat Update for mysql RHSA-2010:0110-01
File : nvt/gb_RHSA-2010_0110-01_mysql.nasl
2010-02-15Name : Ubuntu Update for MySQL vulnerabilities USN-897-1
File : nvt/gb_ubuntu_USN_897_1.nasl
2010-01-29Name : Mandriva Update for mmc MDVA-2010:044 (mmc)
File : nvt/gb_mandriva_MDVA_2010_044.nasl
2010-01-19Name : Mandriva Update for mysql MDVSA-2010:011 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_011.nasl
2010-01-19Name : Mandriva Update for mysql MDVSA-2010:012 (mysql)
File : nvt/gb_mandriva_MDVSA_2010_012.nasl
2010-01-11Name : MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
File : nvt/mysql_37640.nasl
2010-01-04Name : MySQL Server Buffer Overflow Vulnerability (Linux)
File : nvt/secpod_mysql_bof_vuln_lin.nasl
2009-12-30Name : Fedora Core 12 FEDORA-2009-13466 (mysql)
File : nvt/fcore_2009_13466.nasl
2009-12-30Name : Fedora Core 11 FEDORA-2009-13504 (mysql)
File : nvt/fcore_2009_13504.nasl
2009-12-14Name : Fedora Core 10 FEDORA-2009-12180 (mysql)
File : nvt/fcore_2009_12180.nasl
2009-12-10Name : Mandriva Security Advisory MDVSA-2009:326 (mysql)
File : nvt/mdksa_2009_326.nasl
2009-12-04Name : MySQL Authenticated Access Restrictions Bypass Vulnerability
File : nvt/gb_mysql_auth_bypass_vuln.nasl
2009-12-04Name : MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)
File : nvt/gb_mysql_auth_bypass_vuln_lin.nasl
2009-12-04Name : MySQL Denial Of Service and Spoofing Vulnerabilities
File : nvt/gb_mysql_dos_n_spoofing_vuln.nasl
2009-10-13Name : SLES10: Security update for MySQL
File : nvt/sles10_mysql.nasl
2009-10-13Name : SLES10: Security update for MySQL
File : nvt/sles10_mysql0.nasl
2009-10-11Name : SLES11: Security update for MySQL
File : nvt/sles11_libmysqlclient1.nasl
2009-10-10Name : SLES9: Security update for MySQL
File : nvt/sles9p5021882.nasl
2009-10-10Name : SLES9: Security update for MySQL
File : nvt/sles9p5040120.nasl
2009-10-10Name : SLES9: Security update for MySQL
File : nvt/sles9p5056120.nasl
2009-09-28Name : RedHat Security Advisory RHSA-2009:1461
File : nvt/RHSA_2009_1461.nasl
2009-09-21Name : CentOS Security Advisory CESA-2009:1289 (mysql)
File : nvt/ovcesa2009_1289.nasl
2009-09-09Name : RedHat Security Advisory RHSA-2009:1289
File : nvt/RHSA_2009_1289.nasl
2009-09-09Name : Debian Security Advisory DSA 1877-1 (mysql-dfsg-5.0)
File : nvt/deb_1877_1.nasl
2009-09-09Name : SuSE Security Summary SUSE-SR:2009:014
File : nvt/suse_sr_2009_014.nasl
2009-08-17Name : Mandrake Security Advisory MDVSA-2009:179 (mysql)
File : nvt/mdksa_2009_179.nasl
2009-07-29Name : Mandrake Security Advisory MDVSA-2009:159 (mysql)
File : nvt/mdksa_2009_159.nasl
2009-07-17Name : MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
File : nvt/gb_mysql_mult_format_string_vuln.nasl
2009-06-05Name : RedHat Security Advisory RHSA-2009:1067
File : nvt/RHSA_2009_1067.nasl
2009-06-05Name : Ubuntu USN-763-1 (xine-lib)
File : nvt/ubuntu_763_1.nasl
2009-04-28Name : Mandrake Security Advisory MDVSA-2009:094 (mysql)
File : nvt/mdksa_2009_094.nasl
2009-04-23Name : MySQL MyISAM Table Privileges Secuity Bypass Vulnerability
File : nvt/mysql_29106.nasl
2009-04-09Name : Mandriva Update for MySQL MDKSA-2007:243 (MySQL)
File : nvt/gb_mandriva_MDKSA_2007_243.nasl
2009-03-23Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1
File : nvt/gb_ubuntu_USN_671_1.nasl
2009-03-23Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-559-1
File : nvt/gb_ubuntu_USN_559_1.nasl
2009-03-06Name : RedHat Update for mysql RHSA-2007:1155-01
File : nvt/gb_RHSA-2007_1155-01_mysql.nasl
2009-02-27Name : Fedora Update for mysql FEDORA-2007-4465
File : nvt/gb_fedora_2007_4465_mysql_fc8.nasl
2009-02-27Name : Fedora Update for mysql FEDORA-2007-4471
File : nvt/gb_fedora_2007_4471_mysql_fc7.nasl
2009-02-27Name : CentOS Update for mysql CESA-2007:1155 centos4 i386
File : nvt/gb_CESA-2007_1155_mysql_centos4_i386.nasl
2009-02-27Name : CentOS Update for mysql CESA-2007:1155 centos4 x86_64
File : nvt/gb_CESA-2007_1155_mysql_centos4_x86_64.nasl
2009-01-20Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1)
File : nvt/suse_sr_2009_001.nasl
2009-01-20Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0)
File : nvt/suse_sr_2009_001a.nasl
2009-01-20Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
File : nvt/suse_sr_2009_001b.nasl
2009-01-13Name : FreeBSD Ports: mysql-server
File : nvt/freebsd_mysql-server16.nasl
2009-01-02Name : FreeBSD Ports: mysql-server
File : nvt/freebsd_mysql-server15.nasl
2008-11-19Name : Debian Security Advisory DSA 1662-1 (mysql-dfsg-5.0)
File : nvt/deb_1662_1.nasl
2008-10-03Name : FreeBSD Ports: mysql-client
File : nvt/freebsd_mysql-client0.nasl
2008-09-25Name : MySQL Empty Bit-String Literal Denial of Service Vulnerability
File : nvt/secpod_mysql_dos_vuln_900221.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200711-25 (mysql)
File : nvt/glsa_200711_25.nasl
2008-01-17Name : Debian Security Advisory DSA 1413-1 (mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1)
File : nvt/deb_1413_1.nasl
0000-00-00Name : Slackware Advisory SSA:2007-348-01 mysql
File : nvt/esoft_slk_ssa_2007_348_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
78391Oracle MySQL Server Unspecified Remote DoS (2012-0112)
78380Oracle MySQL Server Unspecified Remote DoS (2012-0115)
78379Oracle MySQL Server Unspecified Remote DoS (2012-0102)
78378Oracle MySQL Server Unspecified Remote DoS (2012-0101)
78377Oracle MySQL Server Unspecified Remote DoS (2012-0087)
78376Oracle MySQL Server Unspecified Remote DoS (2011-2262)
78374Oracle MySQL Server Unspecified Remote Issue (2012-0075)
78373Oracle MySQL Server Unspecified Local Issue
78369Oracle MySQL Server Unspecified Remote Issue (2012-0116)
78368Oracle MySQL Server Unspecified Remote Issue (2012-0113)
69395MySQL Derived Table Grouping DoS
69394MySQL Temporary Table Expression Re-Evaluation DoS
69393MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
69392MySQL Extreme-Value Functions Mixed Arguments DoS
69391MySQL Stored Procedures / Prepared Statements Nested Joins DoS
69390MySQL Extreme-Value Functions Argument Parsing Type Error DoS
69387MySQL LIKE Predicates Pre-Evaluation DoS
69001MySQL PolyFromWKB() Function WKB Data Remote DoS
69000MySQL HANDLER Interface Unspecified READ Request DoS
67384MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
67383MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Derefer...
67381MySQL InnoDB Temporary Table Handling DoS
67380MySQL BINLOG Statement Unspecified Argument DoS
67379MySQL Multiple Operation NULL Argument Handling DoS
67378MySQL Unique SET Column Join DoS
65851MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
64843MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
64588MySQL Large Packet Infinite Read DoS
64587MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
64586MySQL COM_FIELD_LIST Command Packet Authentication Bypass
63903MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Comm...
61956yaSSL Certificate Name Handling Overflow
60665MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restricti...
60664MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restri...
60489MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
60488MySQL SELECT Statement WHERE Clause Sub-query DoS
55734MySQL sql_parse.cc dispatch_command() Function Format String DoS
51171MySQL InnoDB convert_search_mode_to_innobase Function DoS
48710MySQL Command Line Client HTML Output XSS
48021MySQL Empty Bit-String Literal Token SQL Statement DoS
44937MySQL MyISAM Table CREATE TABLE Privilege Check Bypass

Snort® IPS/IDS

DateDescription
2014-01-10Database SELECT subquery denial of service attempt
RuleID : 20053 - Revision : 6 - Type : SERVER-MYSQL
2014-01-10Database unique set column denial of service attempt
RuleID : 19094 - Revision : 8 - Type : SERVER-MYSQL
2014-01-10Database unique set column denial of service attempt
RuleID : 19093 - Revision : 8 - Type : SERVER-MYSQL
2014-01-10IN NULL argument denial of service attempt
RuleID : 19001 - Revision : 4 - Type : SERVER-MYSQL
2014-01-10Database CASE NULL argument denial of service attempt
RuleID : 19000 - Revision : 5 - Type : SERVER-MYSQL
2014-01-10mysql_log COM_DROP_DB format string vulnerability exploit attempt
RuleID : 16708 - Revision : 7 - Type : SERVER-MYSQL
2014-01-10mysql_log COM_CREATE_DB format string vulnerability exploit attempt
RuleID : 16707 - Revision : 7 - Type : SERVER-MYSQL
2014-01-10Database COM_FIELD_LIST Buffer Overflow attempt
RuleID : 16703 - Revision : 6 - Type : SERVER-MYSQL
2014-01-10yaSSL library cert parsing stack overflow attempt
RuleID : 16385 - Revision : 6 - Type : SERVER-MYSQL
2014-01-10database Procedure Analyse denial of service attempt - 2
RuleID : 16349 - Revision : 6 - Type : SERVER-MYSQL
2014-01-10database PROCEDURE ANALYSE denial of service attempt - 1
RuleID : 16348 - Revision : 6 - Type : SERVER-MYSQL

Metasploit Database

idDescription
2010-01-25 MySQL yaSSL CertDecoder::GetName Buffer Overflow

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libmariadbclient16-110701.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libmysqlclient-devel-110607.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libmysqlclusterclient16-110706.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-273.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-274.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libmariadbclient16-110701.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libmysqlclient-devel-110607.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libmysqlclusterclient16-110706.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-44.nasl - Type : ACT_GATHER_INFO
2013-08-30Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0109.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0442.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0824.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0825.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-1155.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0121.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0164.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0105.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0127.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-120731.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO
2013-01-17Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO
2013-01-17Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130108_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO
2012-11-15Name : The remote database server is affected by a local user to bypass privilege ce...
File : mysql_5_0_95_create_table_bypass.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120208_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120213_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100216_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100216_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100526_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071218_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101103_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101103_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090902_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110118_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-03-13Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO
2012-03-08Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2429.nasl - Type : ACT_GATHER_INFO
2012-02-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO
2012-02-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO
2012-02-13Name : The remote Fedora host is missing a security update.
File : fedora_2012-0987.nasl - Type : ACT_GATHER_INFO
2012-02-10Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO
2012-02-09Name : The remote Fedora host is missing a security update.
File : fedora_2012-0972.nasl - Type : ACT_GATHER_INFO
2012-02-09Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO
2012-01-19Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_0_95.nasl - Type : ACT_GATHER_INFO
2012-01-19Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_61.nasl - Type : ACT_GATHER_INFO
2012-01-19Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_20.nasl - Type : ACT_GATHER_INFO
2012-01-18Name : The remote database is vulnerable to a denial fo service attack.
File : mysql_5_0_54_5_1_23_6_0_4_DoS.nasl - Type : ACT_GATHER_INFO
2012-01-18Name : The remote database server is vulnerable to multiple denial of service attacks.
File : mysql_5_0_92.nasl - Type : ACT_GATHER_INFO
2012-01-18Name : The remote database server is affected by several buffer overflow vulnerabili...
File : mysql_5_1_43_yaSSL.nasl - Type : ACT_GATHER_INFO
2012-01-18Name : The remote database server is vulnerable to multiple denial of service attacks.
File : mysql_5_5_6.nasl - Type : ACT_GATHER_INFO
2012-01-18Name : Access restrictions can be bypassed on the remote database server.
File : mysql_6_0_9.nasl - Type : ACT_GATHER_INFO
2012-01-16Name : The remote database server is prone to a denial of service attack.
File : mysql_5_0_38.nasl - Type : ACT_GATHER_INFO
2012-01-16Name : A remote database client have a cross-site scripting vulnerability.
File : mysql_6_0_14_XSS.nasl - Type : ACT_GATHER_INFO
2012-01-06Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-111013.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-111014.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-004.nasl - Type : ACT_GATHER_INFO
2011-01-28Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-012.nasl - Type : ACT_GATHER_INFO
2011-01-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0164.nasl - Type : ACT_GATHER_INFO
2011-01-17Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2143.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-100429.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-100930.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0825.nasl - Type : ACT_GATHER_INFO
2010-11-12Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1017-1.nasl - Type : ACT_GATHER_INFO
2010-11-10Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-11-10Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-222.nasl - Type : ACT_GATHER_INFO
2010-11-10Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-223.nasl - Type : ACT_GATHER_INFO
2010-11-09Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12661.nasl - Type : ACT_GATHER_INFO
2010-11-04Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO
2010-11-04Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0825.nasl - Type : ACT_GATHER_INFO
2010-10-18Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-7172.nasl - Type : ACT_GATHER_INFO
2010-10-18Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libmysqlclient-devel-101006.nasl - Type : ACT_GATHER_INFO
2010-10-18Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libmysqlclient-devel-100930.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-6899.nasl - Type : ACT_GATHER_INFO
2010-10-06Name : The remote Fedora host is missing a security update.
File : fedora_2010-15147.nasl - Type : ACT_GATHER_INFO
2010-10-06Name : The remote Fedora host is missing a security update.
File : fedora_2010-15166.nasl - Type : ACT_GATHER_INFO
2010-10-05Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_51.nasl - Type : ACT_GATHER_INFO
2010-08-26Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_49.nasl - Type : ACT_GATHER_INFO
2010-08-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-155.nasl - Type : ACT_GATHER_INFO
2010-08-03Name : The remote Fedora host is missing a security update.
File : fedora_2010-11126.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-012.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-044.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-093.nasl - Type : ACT_GATHER_INFO
2010-07-27Name : The remote Fedora host is missing a security update.
File : fedora_2010-11135.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-1300.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-1348.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-7350.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-7355.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-7414.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-9016.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-9053.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-9061.nasl - Type : ACT_GATHER_INFO
2010-06-29Name : The remote database server is affected by denial of service vulnerability.
File : mysql_5_1_48.nasl - Type : ACT_GATHER_INFO
2010-06-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-950-1.nasl - Type : ACT_GATHER_INFO
2010-06-08Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2057.nasl - Type : ACT_GATHER_INFO
2010-06-01Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0442.nasl - Type : ACT_GATHER_INFO
2010-05-27Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0442.nasl - Type : ACT_GATHER_INFO
2010-05-26Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-107.nasl - Type : ACT_GATHER_INFO
2010-05-24Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_47.nasl - Type : ACT_GATHER_INFO
2010-05-20Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-101.nasl - Type : ACT_GATHER_INFO
2010-05-12Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_46.nasl - Type : ACT_GATHER_INFO
2010-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libmysqlclient-devel-100401.nasl - Type : ACT_GATHER_INFO
2010-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libmysqlclient-devel-100401.nasl - Type : ACT_GATHER_INFO
2010-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libmysqlclient-devel-100504.nasl - Type : ACT_GATHER_INFO
2010-05-04Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libmysqlclient-devel-091215.nasl - Type : ACT_GATHER_INFO
2010-05-04Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libmysqlclient-devel-091216.nasl - Type : ACT_GATHER_INFO
2010-05-04Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libmysqlclient-devel-091216.nasl - Type : ACT_GATHER_INFO
2010-03-29Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-19Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-6897.nasl - Type : ACT_GATHER_INFO
2010-03-02Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0109.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1997.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1877.nasl - Type : ACT_GATHER_INFO
2010-02-18Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2010-02-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0109.nasl - Type : ACT_GATHER_INFO
2010-02-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2010-02-11Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-897-1.nasl - Type : ACT_GATHER_INFO
2010-01-18Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-011.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO
2009-12-22Name : The remote Fedora host is missing a security update.
File : fedora_2009-13466.nasl - Type : ACT_GATHER_INFO
2009-12-22Name : The remote Fedora host is missing a security update.
File : fedora_2009-13504.nasl - Type : ACT_GATHER_INFO
2009-12-14Name : The remote Fedora host is missing a security update.
File : fedora_2009-12180.nasl - Type : ACT_GATHER_INFO
2009-12-08Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-326.nasl - Type : ACT_GATHER_INFO
2009-11-25Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_0_88.nasl - Type : ACT_GATHER_INFO
2009-11-25Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_41.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote openSUSE host is missing a security update.
File : suse_libmysqlclient-devel-6360.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12256.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-6446.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12456.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12044.nasl - Type : ACT_GATHER_INFO
2009-08-27Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-08-27Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-07-28Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-159.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libmysqlclient-devel-080919.nasl - Type : ACT_GATHER_INFO
2009-04-30Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1783.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-671-1.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-094.nasl - Type : ACT_GATHER_INFO
2009-01-12Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_66a770b4e00811dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-30Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_738f8f9ed66111dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-21Name : The remote openSUSE host is missing a security update.
File : suse_libmysqlclient-devel-5619.nasl - Type : ACT_GATHER_INFO
2008-12-01Name : The remote openSUSE host is missing a security update.
File : suse_mysql-5613.nasl - Type : ACT_GATHER_INFO
2008-11-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-5618.nasl - Type : ACT_GATHER_INFO
2008-11-09Name : The remote database server is susceptible to a privilege bypass attack.
File : mysql_es_5_0_70.nasl - Type : ACT_GATHER_INFO
2008-11-06Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1662.nasl - Type : ACT_GATHER_INFO
2008-10-13Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4775c8078f3011dd821f001cc0377035.nasl - Type : ACT_GATHER_INFO
2008-09-11Name : The remote database server is affected by several issues.
File : mysql_5_0_67.nasl - Type : ACT_GATHER_INFO
2008-09-11Name : The remote database server is susceptible to a denial of service attack.
File : mysql_5_1_26.nasl - Type : ACT_GATHER_INFO
2008-09-11Name : The remote database server is susceptible to a denial of service attack.
File : mysql_6_0_6.nasl - Type : ACT_GATHER_INFO
2008-09-11Name : The remote database server is susceptible to a denial of service attack.
File : mysql_es_5_0_66.nasl - Type : ACT_GATHER_INFO
2008-02-05Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-4879.nasl - Type : ACT_GATHER_INFO
2008-02-05Name : The remote openSUSE host is missing a security update.
File : suse_libmysqlclient-devel-4873.nasl - Type : ACT_GATHER_INFO
2007-12-24Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-559-1.nasl - Type : ACT_GATHER_INFO
2007-12-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1155.nasl - Type : ACT_GATHER_INFO
2007-12-19Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-1155.nasl - Type : ACT_GATHER_INFO
2007-12-17Name : The remote Fedora host is missing a security update.
File : fedora_2007-4465.nasl - Type : ACT_GATHER_INFO
2007-12-17Name : The remote Fedora host is missing a security update.
File : fedora_2007-4471.nasl - Type : ACT_GATHER_INFO
2007-12-17Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-348-01.nasl - Type : ACT_GATHER_INFO
2007-12-13Name : The remote database server is affected by several issues.
File : mysql_5_1_23.nasl - Type : ACT_GATHER_INFO
2007-12-11Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-243.nasl - Type : ACT_GATHER_INFO
2007-11-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1413.nasl - Type : ACT_GATHER_INFO
2007-11-20Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200711-25.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:59:50
  • Multiple Updates