oval:org.mitre.oval:def:6799

Definition Id: oval:org.mitre.oval:def:6799

Oval ID:	oval:org.mitre.oval:def:6799
Title:	DSA-1997 mysql-dfsg-5.0 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service via a crafted statement. Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory. Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service by establishing an SSL connection and sending an X.509 client certificate with a crafted name field.
Family:	unix	Class:	patch
Reference(s):	DSA-1997 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.51a-24+lenny3 AND mysql-common is earlier than 5.0.51a-24+lenny3 AND mysql-server is earlier than 5.0.51a-24+lenny3 AND libmysqlclient15-dev is earlier than 5.0.51a-24+lenny3 AND mysql-client-5.0 is earlier than 5.0.51a-24+lenny3 AND libmysqlclient15off is earlier than 5.0.51a-24+lenny3 AND mysql-server-5.0 is earlier than 5.0.51a-24+lenny3 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.32-7etch12 AND mysql-common is earlier than 5.0.32-7etch12 AND mysql-server is earlier than 5.0.32-7etch12 OR Architecture dependent section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev is earlier than 5.0.32-7etch12 AND mysql-server-4.1 is earlier than 5.0.32-7etch12 AND mysql-client-5.0 is earlier than 5.0.32-7etch12 AND mysql-server-5.0 is earlier than 5.0.32-7etch12 AND libmysqlclient15off is earlier than 5.0.32-7etch12

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:6799

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:6799

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0284s

Facebook rss twitter linkedin mail