oval:org.mitre.oval:def:7917

Definition Id: oval:org.mitre.oval:def:7917

Oval ID:	oval:org.mitre.oval:def:7917
Title:	DSA-1608 mysql-dfsg-5.0 -- authorisation bypass
Description:	Sergei Golubchik discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, nor would it (under proper conditions) prevent two databases from using the same paths for data or index files. This permits an authenticated user with authorisation to create tables in one database to read, write or delete data from tables subsequently created in other databases, regardless of other GRANT authorisations. The Common Vulnerabilities and Exposures project identifies this weakness as CVE-2008-2079.
Family:	unix	Class:	patch
Reference(s):	DSA-1608 CVE-2008-2079	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.32-7etch6 AND mysql-common is earlier than 5.0.32-7etch6 AND mysql-server is earlier than 5.0.32-7etch6 AND libmysqlclient15-dev is earlier than 5.0.32-7etch6 AND mysql-server-4.1 is earlier than 5.0.32-7etch6 AND mysql-client-5.0 is earlier than 5.0.32-7etch6 AND libmysqlclient15off is earlier than 5.0.32-7etch6 AND mysql-server-5.0 is earlier than 5.0.32-7etch6

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:7917