8.5 - USN-897-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	MySQL vulnerabilities

Informations
Name	USN-897-1	First vendor Publication	2010-02-10
Vendor	Ubuntu	Last vendor Modification	2010-02-10
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score	8.5	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	6.8	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.12

Ubuntu 8.04 LTS:
mysql-server-5.0 5.0.51a-3ubuntu5.5

Ubuntu 8.10:
mysql-server-5.0 5.0.67-0ubuntu6.1

Ubuntu 9.04:
mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.3

Ubuntu 9.10:
mysql-server-5.1 5.1.37-1ubuntu5.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This issue only affected Ubuntu 8.10. (CVE-2008-4098)

It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. An attacker could place arbitrary web script or html in a database cell, which would then get placed in the html document output by the command-line tool. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2008-4456)

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use symlinks combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This issue only affected Ubuntu 9.10. (CVE-2008-7247)

It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. An authenticated user could use specially crafted database names to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2446)

It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2009-4019)

It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks to create tables that pointed to tables known to be created at a later time, bypassing access restrictions. (CVE-2009-4030)

It was discovered that MySQL contained a buffer overflow when parsing ssl certificates. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 LTS and the default compiler options for affected releases should reduce the vulnerability to a denial of service. In the default installation, attackers would also be isolated by the AppArmor MySQL profile. (CVE-2009-4484)

Original Source

Url : http://www.ubuntu.com/usn/USN-897-1

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-59	Improper Link Resolution Before File Access ('Link Following')
17 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)
17 %	CWE-134	Uncontrolled Format String (CWE/SANS Top 25)
17 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10591

Oval ID:	oval:org.mitre.oval:def:10591
Title:	MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Description:	MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4098	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mysql is earlier than 0:4.1.22-2.el4_8.3 AND mysql-devel is earlier than 0:4.1.22-2.el4_8.3 AND mysql-bench is earlier than 0:4.1.22-2.el4_8.3 AND mysql-server is earlier than 0:4.1.22-2.el4_8.3

Definition Id: oval:org.mitre.oval:def:11116

Oval ID:	oval:org.mitre.oval:def:11116
Title:	MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Description:	MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-4030	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mysql is earlier than 0:4.1.22-2.el4_8.3 AND mysql-devel is earlier than 0:4.1.22-2.el4_8.3 AND mysql-bench is earlier than 0:4.1.22-2.el4_8.3 AND mysql-server is earlier than 0:4.1.22-2.el4_8.3 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section mysql is earlier than 0:5.0.77-4.el5_4.2 AND mysql-devel is earlier than 0:5.0.77-4.el5_4.2 AND mysql-test is earlier than 0:5.0.77-4.el5_4.2 AND mysql-bench is earlier than 0:5.0.77-4.el5_4.2 AND mysql-server is earlier than 0:5.0.77-4.el5_4.2

Definition Id: oval:org.mitre.oval:def:11349

Oval ID:	oval:org.mitre.oval:def:11349
Title:	mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Description:	mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-4019	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section mysql is earlier than 0:5.0.77-4.el5_4.2 AND mysql-devel is earlier than 0:5.0.77-4.el5_4.2 AND mysql-test is earlier than 0:5.0.77-4.el5_4.2 AND mysql-bench is earlier than 0:5.0.77-4.el5_4.2 AND mysql-server is earlier than 0:5.0.77-4.el5_4.2

Definition Id: oval:org.mitre.oval:def:11456

Oval ID:	oval:org.mitre.oval:def:11456
Title:	Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Description:	Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4456	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mysql is earlier than 0:4.1.22-2.el4_8.3 AND mysql-devel is earlier than 0:4.1.22-2.el4_8.3 AND mysql-bench is earlier than 0:4.1.22-2.el4_8.3 AND mysql-server is earlier than 0:4.1.22-2.el4_8.3 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section mysql is earlier than 0:5.0.77-3.el5 AND mysql-devel is earlier than 0:5.0.77-3.el5 AND mysql-test is earlier than 0:5.0.77-3.el5 AND mysql-bench is earlier than 0:5.0.77-3.el5 AND mysql-server is earlier than 0:5.0.77-3.el5

Definition Id: oval:org.mitre.oval:def:11857

Oval ID:	oval:org.mitre.oval:def:11857
Title:	Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Description:	Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2446	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mysql is earlier than 0:4.1.22-2.el4_8.3 AND mysql-devel is earlier than 0:4.1.22-2.el4_8.3 AND mysql-bench is earlier than 0:4.1.22-2.el4_8.3 AND mysql-server is earlier than 0:4.1.22-2.el4_8.3 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section mysql is earlier than 0:5.0.77-3.el5 AND mysql-devel is earlier than 0:5.0.77-3.el5 AND mysql-test is earlier than 0:5.0.77-3.el5 AND mysql-bench is earlier than 0:5.0.77-3.el5 AND mysql-server is earlier than 0:5.0.77-3.el5

Definition Id: oval:org.mitre.oval:def:12751

Oval ID:	oval:org.mitre.oval:def:12751
Title:	DSA-1877-1 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code
Description:	In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. For the stable distribution, this problem has been fixed in version 5.0.51a-24+lenny2. For the old stable distribution, this problem has been fixed in version 5.0.32-7etch11. We recommend that you upgrade your mysql packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1877-1 CVE-2009-2446	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.0.51a-24+lenny2 AND mysql-common DPKG is earlier than 5.0.51a-24+lenny2 AND mysql-server DPKG is earlier than 5.0.51a-24+lenny2 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev DPKG is earlier than 5.0.51a-24+lenny2 AND mysql-client-5.0 DPKG is earlier than 5.0.51a-24+lenny2 AND libmysqlclient15off DPKG is earlier than 5.0.51a-24+lenny2 AND mysql-server-5.0 DPKG is earlier than 5.0.51a-24+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.0.32-7etch11 AND mysql-common DPKG is earlier than 5.0.32-7etch11 AND mysql-server DPKG is earlier than 5.0.32-7etch11 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev DPKG is earlier than 5.0.32-7etch11 AND mysql-client-5.0 DPKG is earlier than 5.0.32-7etch11 AND mysql-server-4.1 DPKG is earlier than 5.0.32-7etch11 AND mysql-server-5.0 DPKG is earlier than 5.0.32-7etch11 AND libmysqlclient15off DPKG is earlier than 5.0.32-7etch11

Definition Id: oval:org.mitre.oval:def:13088

Oval ID:	oval:org.mitre.oval:def:13088
Title:	USN-897-1 -- mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
Description:	It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This issue only affected Ubuntu 8.10. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. An attacker could place arbitrary web script or html in a database cell, which would then get placed in the html document output by the command-line tool. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use symlinks combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This issue only affected Ubuntu 9.10. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. An authenticated user could use specially crafted database names to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks to create tables that pointed to tables known to be created at a later time, bypassing access restrictions. It was discovered that MySQL contained a buffer overflow when parsing ssl certificates. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 LTS and the default compiler options for affected releases should reduce the vulnerability to a denial of service. In the default installation, attackers would also be isolated by the AppArmor MySQL profile
Family:	unix	Class:	patch
Reference(s):	USN-897-1 CVE-2008-4098 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04	Product(s):	mysql-dfsg-5.0 mysql-dfsg-5.1
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.0.51a-3ubuntu5.5 AND mysql-common DPKG is earlier than 5.0.51a-3ubuntu5.5 AND mysql-server DPKG is earlier than 5.0.51a-3ubuntu5.5 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libmysqlclient15-dev DPKG is earlier than 5.0.51a-3ubuntu5.5 AND mysql-client-5.0 DPKG is earlier than 5.0.51a-3ubuntu5.5 AND mysql-server-5.0 DPKG is earlier than 5.0.51a-3ubuntu5.5 AND libmysqlclient15off DPKG is earlier than 5.0.51a-3ubuntu5.5 OR Release section Ubuntu 8.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.0.67-0ubuntu6.1 AND mysql-common DPKG is earlier than 5.0.67-0ubuntu6.1 AND mysql-server DPKG is earlier than 5.0.67-0ubuntu6.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libmysqlclient15-dev DPKG is earlier than 5.0.67-0ubuntu6.1 AND mysql-client-5.0 DPKG is earlier than 5.0.67-0ubuntu6.1 AND mysql-server-5.0 DPKG is earlier than 5.0.67-0ubuntu6.1 AND libmysqlclient15off DPKG is earlier than 5.0.67-0ubuntu6.1 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.1.37-1ubuntu5.1 AND libmysqlclient16-dev DPKG is earlier than 5.1.37-1ubuntu5.1 AND mysql-common DPKG is earlier than 5.1.37-1ubuntu5.1 AND mysql-server DPKG is earlier than 5.1.37-1ubuntu5.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libmysqlclient-dev DPKG is earlier than 5.1.37-1ubuntu5.1 AND libmysqld-pic DPKG is earlier than 5.1.37-1ubuntu5.1 AND mysql-client-5.1 DPKG is earlier than 5.1.37-1ubuntu5.1 AND libmysqlclient16 DPKG is earlier than 5.1.37-1ubuntu5.1 AND mysql-server-5.1 DPKG is earlier than 5.1.37-1ubuntu5.1 AND libmysqld-dev DPKG is earlier than 5.1.37-1ubuntu5.1 AND mysql-server-core-5.1 DPKG is earlier than 5.1.37-1ubuntu5.1 OR Release section Ubuntu 6.06 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.0.22-0ubuntu6.06.12 AND mysql-common DPKG is earlier than 5.0.22-0ubuntu6.06.12 AND mysql-server DPKG is earlier than 5.0.22-0ubuntu6.06.12 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libmysqlclient15-dev DPKG is earlier than 5.0.22-0ubuntu6.06.12 AND mysql-client-5.0 DPKG is earlier than 5.0.22-0ubuntu6.06.12 AND libmysqlclient15off DPKG is earlier than 5.0.22-0ubuntu6.06.12 AND mysql-server-5.0 DPKG is earlier than 5.0.22-0ubuntu6.06.12 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.1.30really5.0.75-0ubuntu10.3 AND mysql-common DPKG is earlier than 5.1.30really5.0.75-0ubuntu10.3 AND mysql-server DPKG is earlier than 5.1.30really5.0.75-0ubuntu10.3 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libmysqlclient15-dev DPKG is earlier than 5.1.30really5.0.75-0ubuntu10.3 AND mysql-client-5.0 DPKG is earlier than 5.1.30really5.0.75-0ubuntu10.3 AND mysql-server-5.0 DPKG is earlier than 5.1.30really5.0.75-0ubuntu10.3 AND libmysqlclient15off DPKG is earlier than 5.1.30really5.0.75-0ubuntu10.3 AND mysql-server-core-5.0 DPKG is earlier than 5.1.30really5.0.75-0ubuntu10.3

Definition Id: oval:org.mitre.oval:def:20084

Oval ID:	oval:org.mitre.oval:def:20084
Title:	DSA-1997-1 mysql-dfsg-5.0 - several vulnerabilities
Description:	Several vulnerabilities have been discovered in the MySQL database server.
Family:	unix	Class:	patch
Reference(s):	DSA-1997-1 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484	Version:	5
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 5.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND mysql-dfsg-5.0 DPKG is earlier than 0:5.0.32-7etch12 AND Release section Debian GNU/Linux 5.0 is installed AND mysql-dfsg-5.0 DPKG is earlier than 0:5.0.51a-24+lenny3

Definition Id: oval:org.mitre.oval:def:20178

Oval ID:	oval:org.mitre.oval:def:20178
Title:	DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities
Description:	Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application.
Family:	unix	Class:	patch
Reference(s):	DSA-1783-1 CVE-2008-3963 CVE-2008-4456	Version:	5
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 5.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND mysql-dfsg-5.0 DPKG is earlier than 0:5.0.32-7etch10 AND Release section Debian GNU/Linux 5.0 is installed AND mysql-dfsg-5.0 DPKG is earlier than 0:5.0.51a-24+lenny1

Definition Id: oval:org.mitre.oval:def:21419

Oval ID:	oval:org.mitre.oval:def:21419
Title:	RHSA-2010:0109: mysql security update (Moderate)
Description:	MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0109-01 CESA-2010:0109 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030	Version:	42
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	mysql
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section mysql-test is earlier than 0:5.0.77-4.el5_4.2 AND mysql is earlier than 0:5.0.77-4.el5_4.2 AND mysql-server is earlier than 0:5.0.77-4.el5_4.2 AND mysql-bench is earlier than 0:5.0.77-4.el5_4.2 AND mysql-devel is earlier than 0:5.0.77-4.el5_4.2

Definition Id: oval:org.mitre.oval:def:22758

Oval ID:	oval:org.mitre.oval:def:22758
Title:	ELSA-2010:0109: mysql security update (Moderate)
Description:	MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0109-01 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030	Version:	17
Platform(s):	Oracle Linux 5	Product(s):	mysql
Definition Synopsis:
Oracle Linux 5.x rpm test mysql-test is earlier than 0:5.0.77-4.el5_4.2 AND mysql is earlier than 0:5.0.77-4.el5_4.2 AND mysql-server is earlier than 0:5.0.77-4.el5_4.2 AND mysql-bench is earlier than 0:5.0.77-4.el5_4.2 AND mysql-devel is earlier than 0:5.0.77-4.el5_4.2

Definition Id: oval:org.mitre.oval:def:22888

Oval ID:	oval:org.mitre.oval:def:22888
Title:	ELSA-2009:1289: mysql security and bug fix update (Moderate)
Description:	Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1289-02 CVE-2008-2079 CVE-2008-3963 CVE-2008-4456 CVE-2009-2446	Version:	21
Platform(s):	Oracle Linux 5	Product(s):	mysql
Definition Synopsis:
Oracle Linux 5.x rpm test mysql-test is earlier than 0:5.0.77-3.el5 AND mysql is earlier than 0:5.0.77-3.el5 AND mysql-server is earlier than 0:5.0.77-3.el5 AND mysql-bench is earlier than 0:5.0.77-3.el5 AND mysql-devel is earlier than 0:5.0.77-3.el5

Definition Id: oval:org.mitre.oval:def:28260

Oval ID:	oval:org.mitre.oval:def:28260
Title:	DEPRECATED: ELSA-2010-0109 -- mysql security update (moderate)
Description:	[5.0.77-4.2] - Add fixes for CVE-2009-4019, CVE-2009-4028, CVE-2009-4030 Resolves: #556505 - Use non-expired certificates for SSL testing (upstream bug 50702) - Emit explicit error message if user tries to build RPM as root - Add comment suggesting disabling symbolic links in /etc/my.cnf
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-0109 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	mysql
Definition Synopsis:
Oracle Linux 5.x Packages match section mysql is earlier than 0:5.0.77-4.el5_4.2 AND mysql-bench is earlier than 0:5.0.77-4.el5_4.2 AND mysql-devel is earlier than 0:5.0.77-4.el5_4.2 AND mysql-server is earlier than 0:5.0.77-4.el5_4.2 AND mysql-test is earlier than 0:5.0.77-4.el5_4.2

Definition Id: oval:org.mitre.oval:def:28888

Oval ID:	oval:org.mitre.oval:def:28888
Title:	RHSA-2009:1289 -- mysql security and bug fix update (Moderate)
Description:	Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1289 CESA-2009:1289-CentOS 5 CVE-2008-2079 CVE-2008-3963 CVE-2008-4456 CVE-2009-2446	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	mysql
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section mysql-bench is earlier than 0:5.0.77-3.el5 AND mysql-devel is earlier than 0:5.0.77-3.el5 AND mysql-server is earlier than 0:5.0.77-3.el5 AND mysql-test is earlier than 0:5.0.77-3.el5 AND mysql is earlier than 0:5.0.77-3.el5

Definition Id: oval:org.mitre.oval:def:6799

Oval ID:	oval:org.mitre.oval:def:6799
Title:	DSA-1997 mysql-dfsg-5.0 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service via a crafted statement. Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory. Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service by establishing an SSL connection and sending an X.509 client certificate with a crafted name field.
Family:	unix	Class:	patch
Reference(s):	DSA-1997 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.51a-24+lenny3 AND mysql-common is earlier than 5.0.51a-24+lenny3 AND mysql-server is earlier than 5.0.51a-24+lenny3 AND libmysqlclient15-dev is earlier than 5.0.51a-24+lenny3 AND mysql-client-5.0 is earlier than 5.0.51a-24+lenny3 AND libmysqlclient15off is earlier than 5.0.51a-24+lenny3 AND mysql-server-5.0 is earlier than 5.0.51a-24+lenny3 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.32-7etch12 AND mysql-common is earlier than 5.0.32-7etch12 AND mysql-server is earlier than 5.0.32-7etch12 OR Architecture dependent section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev is earlier than 5.0.32-7etch12 AND mysql-server-4.1 is earlier than 5.0.32-7etch12 AND mysql-client-5.0 is earlier than 5.0.32-7etch12 AND mysql-server-5.0 is earlier than 5.0.32-7etch12 AND libmysqlclient15off is earlier than 5.0.32-7etch12

Definition Id: oval:org.mitre.oval:def:7877

Oval ID:	oval:org.mitre.oval:def:7877
Title:	DSA-1783 mysql-dfsg-5.0 -- multiple vulnerabilities
Description:	Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application. The Common Vulnerabilities and Exposures project identifies the following two problems: Kay Roepke reported that the MySQL server would not properly handle an empty bit-string literal in an SQL statement, allowing an authenticated remote attacker to cause a denial of service (a crash) in mysqld. This issue affects the oldstable distribution (etch), but not the stable distribution (lenny). Thomas Henlich reported that the MySQL commandline client application did not encode HTML special characters when run in HTML output mode (that is, "mysql --html ..."). This could potentially lead to cross-site scripting or unintended script privilege escalation if the resulting output is viewed in a browser or incorporated into a web site.
Family:	unix	Class:	patch
Reference(s):	DSA-1783 CVE-2008-3963 CVE-2008-4456	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.51a-24+lenny1 AND mysql-common is earlier than 5.0.51a-24+lenny1 AND mysql-server is earlier than 5.0.51a-24+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev is earlier than 5.0.51a-24+lenny1 AND mysql-client-5.0 is earlier than 5.0.51a-24+lenny1 AND mysql-server-5.0 is earlier than 5.0.51a-24+lenny1 AND libmysqlclient15off is earlier than 5.0.51a-24+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.32-7etch10 AND mysql-common is earlier than 5.0.32-7etch10 AND mysql-server is earlier than 5.0.32-7etch10 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev is earlier than 5.0.32-7etch10 AND mysql-server-4.1 is earlier than 5.0.32-7etch10 AND mysql-client-5.0 is earlier than 5.0.32-7etch10 AND libmysqlclient15off is earlier than 5.0.32-7etch10 AND mysql-server-5.0 is earlier than 5.0.32-7etch10

Definition Id: oval:org.mitre.oval:def:7905

Oval ID:	oval:org.mitre.oval:def:7905
Title:	DSA-1877 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code
Description:	In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.
Family:	unix	Class:	patch
Reference(s):	DSA-1877 CVE-2009-2446	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.51a-24+lenny2 AND mysql-common is earlier than 5.0.51a-24+lenny2 AND mysql-server is earlier than 5.0.51a-24+lenny2 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev is earlier than 5.0.51a-24+lenny2 AND mysql-client-5.0 is earlier than 5.0.51a-24+lenny2 AND libmysqlclient15off is earlier than 5.0.51a-24+lenny2 AND mysql-server-5.0 is earlier than 5.0.51a-24+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.32-7etch11 AND mysql-common is earlier than 5.0.32-7etch11 AND mysql-server is earlier than 5.0.32-7etch11 OR Architecture dependent section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev is earlier than 5.0.32-7etch11 AND mysql-client-5.0 is earlier than 5.0.32-7etch11 AND mysql-server-4.1 is earlier than 5.0.32-7etch11 AND mysql-server-5.0 is earlier than 5.0.32-7etch11 AND libmysqlclient15off is earlier than 5.0.32-7etch11

Definition Id: oval:org.mitre.oval:def:8156

Oval ID:	oval:org.mitre.oval:def:8156
Title:	MySQL 5.1 Privilege Bypass with DATA/INDEX DIRECTORY
Description:	MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-4030	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008	Product(s):	MySQL Server 5.1
Definition Synopsis:
MySQL 5.1 is installed AND MySQL Server 5.1 version is less than 5.1.41

Definition Id: oval:org.mitre.oval:def:8500

Oval ID:	oval:org.mitre.oval:def:8500
Title:	MySQL 5.0 and 5.1 SELECT Statement DOS Vulnerability
Description:	mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-4019	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008	Product(s):	MySQL Server 5.0 MySQL Server 5.1
Definition Synopsis:
IF MySQL 5.0 is installed AND MySQL Server 5.0 version is less than 5.0.88 OR MySQL 5.1 is installed AND MySQL Server 5.1 version is less than 5.1.41

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mariadb cpe:2.3:a:mariadb:mariadb:5.1.41:::::::* cpe:2.3:a:mariadb:mariadb:2.13.0:::::node.js:: cpe:2.3:a:mariadb:mariadb:::::::: cpe:2.3:a:mariadb:mariadb::r1::::::* cpe:2.3:a:mariadb:mariadb::::::node.js::*	5
Application	Mysql cpe:2.3:a:mysql:mysql:6.0.9:::::::* cpe:2.3:a:mysql:mysql:5.0.5.0.21:::::::* cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:::::::* cpe:2.3:a:mysql:mysql:4.1.23:::::::*	4
Application	Oracle Mysql cpe:2.3:a:oracle:mysql:6.0.4:::::::* cpe:2.3:a:oracle:mysql:6.0.3:::::::* cpe:2.3:a:oracle:mysql:6.0.2:::::::* cpe:2.3:a:oracle:mysql:6.0.1:::::::* cpe:2.3:a:oracle:mysql:6.0.0:::::::* cpe:2.3:a:oracle:mysql:5.1.9:::::::* cpe:2.3:a:oracle:mysql:5.1.8:::::::* cpe:2.3:a:oracle:mysql:5.1.7:::::::* cpe:2.3:a:oracle:mysql:5.1.6:::::::* cpe:2.3:a:oracle:mysql:5.1.5:-:::::: cpe:2.3:a:oracle:mysql:5.1.42:::::::* cpe:2.3:a:oracle:mysql:5.1.41:::::::* cpe:2.3:a:oracle:mysql:5.1.40:::::::* cpe:2.3:a:oracle:mysql:5.1.40:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.4:::::::* cpe:2.3:a:oracle:mysql:5.1.39:::::::* cpe:2.3:a:oracle:mysql:5.1.38:::::::* cpe:2.3:a:oracle:mysql:5.1.37:-:::::: cpe:2.3:a:oracle:mysql:5.1.37:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.36:::::::* cpe:2.3:a:oracle:mysql:5.1.35:::::::* cpe:2.3:a:oracle:mysql:5.1.34:-:::::: cpe:2.3:a:oracle:mysql:5.1.34:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.33:::::::* cpe:2.3:a:oracle:mysql:5.1.32:-:::::: cpe:2.3:a:oracle:mysql:5.1.31:-:::::: cpe:2.3:a:oracle:mysql:5.1.31:sp1:::::: cpe:2.3:a:oracle:mysql:5.1.30:::::::* cpe:2.3:a:oracle:mysql:5.1.3:::::::* cpe:2.3:a:oracle:mysql:5.1.29:::::::* cpe:2.3:a:oracle:mysql:5.1.28:::::::* cpe:2.3:a:oracle:mysql:5.1.27:::::::* cpe:2.3:a:oracle:mysql:5.1.26:::::::* cpe:2.3:a:oracle:mysql:5.1.25:::::::* cpe:2.3:a:oracle:mysql:5.1.24:::::::* cpe:2.3:a:oracle:mysql:5.1.23:-:::::: cpe:2.3:a:oracle:mysql:5.1.23:a:::::: cpe:2.3:a:oracle:mysql:5.1.22:::::::* cpe:2.3:a:oracle:mysql:5.1.21:::::::* cpe:2.3:a:oracle:mysql:5.1.20:::::::* cpe:2.3:a:oracle:mysql:5.1.2:::::::* cpe:2.3:a:oracle:mysql:5.1.19:::::::* cpe:2.3:a:oracle:mysql:5.1.18:::::::* cpe:2.3:a:oracle:mysql:5.1.17:::::::* cpe:2.3:a:oracle:mysql:5.1.16:::::::* cpe:2.3:a:oracle:mysql:5.1.15:::::::* cpe:2.3:a:oracle:mysql:5.1.14:::::::* cpe:2.3:a:oracle:mysql:5.1.13:::::::* cpe:2.3:a:oracle:mysql:5.1.12:::::::* cpe:2.3:a:oracle:mysql:5.1.11:::::::* cpe:2.3:a:oracle:mysql:5.1.10:::::::* cpe:2.3:a:oracle:mysql:5.1.1:::::::* cpe:2.3:a:oracle:mysql:5.1:::::::* cpe:2.3:a:oracle:mysql:5.0.94:::::::* cpe:2.3:a:oracle:mysql:5.0.93:::::::* cpe:2.3:a:oracle:mysql:5.0.92:::::::* cpe:2.3:a:oracle:mysql:5.0.91:::::::* cpe:2.3:a:oracle:mysql:5.0.90:::::::* cpe:2.3:a:oracle:mysql:5.0.9:::::::* cpe:2.3:a:oracle:mysql:5.0.89:::::::* cpe:2.3:a:oracle:mysql:5.0.88:::::::* cpe:2.3:a:oracle:mysql:5.0.87:-:::::: cpe:2.3:a:oracle:mysql:5.0.87:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.86:::::::* cpe:2.3:a:oracle:mysql:5.0.85:::::::* cpe:2.3:a:oracle:mysql:5.0.84:-:::::: cpe:2.3:a:oracle:mysql:5.0.84:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.83:::::::* cpe:2.3:a:oracle:mysql:5.0.82:-:::::: cpe:2.3:a:oracle:mysql:5.0.82:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.81:::::::* cpe:2.3:a:oracle:mysql:5.0.80:::::::* cpe:2.3:a:oracle:mysql:5.0.8:::::::* cpe:2.3:a:oracle:mysql:5.0.79:::::::* cpe:2.3:a:oracle:mysql:5.0.78:::::::* cpe:2.3:a:oracle:mysql:5.0.77:::::::* cpe:2.3:a:oracle:mysql:5.0.76:::::::* cpe:2.3:a:oracle:mysql:5.0.75:::::::* cpe:2.3:a:oracle:mysql:5.0.74:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.74:-:::::: cpe:2.3:a:oracle:mysql:5.0.72:-:::::: cpe:2.3:a:oracle:mysql:5.0.72:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.70:::::::* cpe:2.3:a:oracle:mysql:5.0.7:::::::* cpe:2.3:a:oracle:mysql:5.0.68:::::::* cpe:2.3:a:oracle:mysql:5.0.67:::::::* cpe:2.3:a:oracle:mysql:5.0.66:-:::::: cpe:2.3:a:oracle:mysql:5.0.66:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.66:a:::::: cpe:2.3:a:oracle:mysql:5.0.64:::::::* cpe:2.3:a:oracle:mysql:5.0.62:::::::* cpe:2.3:a:oracle:mysql:5.0.60:-:::::: cpe:2.3:a:oracle:mysql:5.0.60:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.6:::::::* cpe:2.3:a:oracle:mysql:5.0.58:::::::* cpe:2.3:a:oracle:mysql:5.0.56:-:::::: cpe:2.3:a:oracle:mysql:5.0.56:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.54:-:::::: cpe:2.3:a:oracle:mysql:5.0.52:::::::* cpe:2.3:a:oracle:mysql:5.0.51a:::::::* cpe:2.3:a:oracle:mysql:5.0.51:::::::* cpe:2.3:a:oracle:mysql:5.0.51:b:::::: cpe:2.3:a:oracle:mysql:5.0.51:a:::::: cpe:2.3:a:oracle:mysql:5.0.50:::::::* cpe:2.3:a:oracle:mysql:5.0.50:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.5:-:::::: cpe:2.3:a:oracle:mysql:5.0.5:::::::* cpe:2.3:a:oracle:mysql:5.0.48:::::::* cpe:2.3:a:oracle:mysql:5.0.46:::::::* cpe:2.3:a:oracle:mysql:5.0.45:::::::* cpe:2.3:a:oracle:mysql:5.0.44:-:::::: cpe:2.3:a:oracle:mysql:5.0.44:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.42:::::::* cpe:2.3:a:oracle:mysql:5.0.41:::::::* cpe:2.3:a:oracle:mysql:5.0.40:::::::* cpe:2.3:a:oracle:mysql:5.0.4:-:::::: cpe:2.3:a:oracle:mysql:5.0.4:a:::::: cpe:2.3:a:oracle:mysql:5.0.4:::::::* cpe:2.3:a:oracle:mysql:5.0.38:::::::* cpe:2.3:a:oracle:mysql:5.0.37:::::::* cpe:2.3:a:oracle:mysql:5.0.36:-:::::: cpe:2.3:a:oracle:mysql:5.0.36:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.36:::::::* cpe:2.3:a:oracle:mysql:5.0.34:::::::* cpe:2.3:a:oracle:mysql:5.0.33:::::::* cpe:2.3:a:oracle:mysql:5.0.32:::::::* cpe:2.3:a:oracle:mysql:5.0.30:sp1:::::: cpe:2.3:a:oracle:mysql:5.0.30:-:::::: cpe:2.3:a:oracle:mysql:5.0.30:::::::* cpe:2.3:a:oracle:mysql:5.0.3:-:::::: cpe:2.3:a:oracle:mysql:5.0.3:beta:::::: cpe:2.3:a:oracle:mysql:5.0.3:a:::::: cpe:2.3:a:oracle:mysql:5.0.3:::::::* cpe:2.3:a:oracle:mysql:5.0.28:::::::* cpe:2.3:a:oracle:mysql:5.0.27:::::::* cpe:2.3:a:oracle:mysql:5.0.26:::::::* cpe:2.3:a:oracle:mysql:5.0.25:::::::* cpe:2.3:a:oracle:mysql:5.0.24:-:::::: cpe:2.3:a:oracle:mysql:5.0.24:a:::::: cpe:2.3:a:oracle:mysql:5.0.24:::::::* cpe:2.3:a:oracle:mysql:5.0.23:::::::* cpe:2.3:a:oracle:mysql:5.0.22:::::::* cpe:2.3:a:oracle:mysql:5.0.21:::::::* cpe:2.3:a:oracle:mysql:5.0.20:-:::::: cpe:2.3:a:oracle:mysql:5.0.20:a:::::: cpe:2.3:a:oracle:mysql:5.0.20:::::::* cpe:2.3:a:oracle:mysql:5.0.2:-:::::: cpe:2.3:a:oracle:mysql:5.0.2:::::::* cpe:2.3:a:oracle:mysql:5.0.19:::::::* cpe:2.3:a:oracle:mysql:5.0.18:::::::* cpe:2.3:a:oracle:mysql:5.0.17:-:::::: cpe:2.3:a:oracle:mysql:5.0.17:a:::::: cpe:2.3:a:oracle:mysql:5.0.17:::::::* cpe:2.3:a:oracle:mysql:5.0.16:-:::::: cpe:2.3:a:oracle:mysql:5.0.16:a:::::: cpe:2.3:a:oracle:mysql:5.0.16:::::::* cpe:2.3:a:oracle:mysql:5.0.15:-:::::: cpe:2.3:a:oracle:mysql:5.0.15:a:::::: cpe:2.3:a:oracle:mysql:5.0.15:::::::* cpe:2.3:a:oracle:mysql:5.0.14:::::::* cpe:2.3:a:oracle:mysql:5.0.13:::::::* cpe:2.3:a:oracle:mysql:5.0.12:::::::* cpe:2.3:a:oracle:mysql:5.0.11:::::::* cpe:2.3:a:oracle:mysql:5.0.10:-:::::: cpe:2.3:a:oracle:mysql:5.0.10:a:::::: cpe:2.3:a:oracle:mysql:5.0.10:::::::* cpe:2.3:a:oracle:mysql:5.0.1:-:::::: cpe:2.3:a:oracle:mysql:5.0.1:a:::::: cpe:2.3:a:oracle:mysql:5.0.1:::::::* cpe:2.3:a:oracle:mysql:5.0.0:alpha:::::: cpe:2.3:a:oracle:mysql:5.0.0:-:::::: cpe:2.3:a:oracle:mysql:5.0.0:::::::* cpe:2.3:a:oracle:mysql:5.0.0:milestone1:::::: cpe:2.3:a:oracle:mysql:5.0.0:milestone2:::::: cpe:2.3:a:oracle:mysql:4.1.9:::::::* cpe:2.3:a:oracle:mysql:4.1.8:-:::::: cpe:2.3:a:oracle:mysql:4.1.8:a:::::: cpe:2.3:a:oracle:mysql:4.1.8:::::::* cpe:2.3:a:oracle:mysql:4.1.7:::::::* cpe:2.3:a:oracle:mysql:4.1.6:::::::* cpe:2.3:a:oracle:mysql:4.1.5:::::::* cpe:2.3:a:oracle:mysql:4.1.4:::::::* cpe:2.3:a:oracle:mysql:4.1.3:-:::::: cpe:2.3:a:oracle:mysql:4.1.3:beta:::::: cpe:2.3:a:oracle:mysql:4.1.3:::::::* cpe:2.3:a:oracle:mysql:4.1.24:::::::* cpe:2.3:a:oracle:mysql:4.1.23:::::::* cpe:2.3:a:oracle:mysql:4.1.22:::::::* cpe:2.3:a:oracle:mysql:4.1.21:::::::* cpe:2.3:a:oracle:mysql:4.1.20:::::::* cpe:2.3:a:oracle:mysql:4.1.2:alpha:::::: cpe:2.3:a:oracle:mysql:4.1.2:-:::::: cpe:2.3:a:oracle:mysql:4.1.2:::::::* cpe:2.3:a:oracle:mysql:4.1.19:::::::* cpe:2.3:a:oracle:mysql:4.1.18:::::::* cpe:2.3:a:oracle:mysql:4.1.17:::::::* cpe:2.3:a:oracle:mysql:4.1.16:::::::* cpe:2.3:a:oracle:mysql:4.1.15:-:::::: cpe:2.3:a:oracle:mysql:4.1.15:a:::::: cpe:2.3:a:oracle:mysql:4.1.15:::::::* cpe:2.3:a:oracle:mysql:4.1.14:-:::::: cpe:2.3:a:oracle:mysql:4.1.14:a:::::: cpe:2.3:a:oracle:mysql:4.1.14:::::::* cpe:2.3:a:oracle:mysql:4.1.13:-:::::: cpe:2.3:a:oracle:mysql:4.1.13:a:::::: cpe:2.3:a:oracle:mysql:4.1.13:::::::* cpe:2.3:a:oracle:mysql:4.1.12:-:::::: cpe:2.3:a:oracle:mysql:4.1.12:a:::::: cpe:2.3:a:oracle:mysql:4.1.12:::::::* cpe:2.3:a:oracle:mysql:4.1.11:::::::* cpe:2.3:a:oracle:mysql:4.1.10:-:::::: cpe:2.3:a:oracle:mysql:4.1.10:a:::::: cpe:2.3:a:oracle:mysql:4.1.10:::::::* cpe:2.3:a:oracle:mysql:4.1.1:::::::* cpe:2.3:a:oracle:mysql:4.1.0:alpha:::::: cpe:2.3:a:oracle:mysql:4.1.0:-:::::: cpe:2.3:a:oracle:mysql:4.1.0:::::::* cpe:2.3:a:oracle:mysql:4.0.9:::::::* cpe:2.3:a:oracle:mysql:4.0.9:gamma:::::: cpe:2.3:a:oracle:mysql:4.0.8:::::::* cpe:2.3:a:oracle:mysql:4.0.8:gamma:::::: cpe:2.3:a:oracle:mysql:4.0.7:::::::* cpe:2.3:a:oracle:mysql:4.0.7:gamma:::::: cpe:2.3:a:oracle:mysql:4.0.6:::::::* cpe:2.3:a:oracle:mysql:4.0.5a:::::::* cpe:2.3:a:oracle:mysql:4.0.5:::::::* cpe:2.3:a:oracle:mysql:4.0.4:::::::* cpe:2.3:a:oracle:mysql:4.0.30:::::::* cpe:2.3:a:oracle:mysql:4.0.3:::::::* cpe:2.3:a:oracle:mysql:4.0.28:::::::* cpe:2.3:a:oracle:mysql:4.0.27:::::::* cpe:2.3:a:oracle:mysql:4.0.26:::::::* cpe:2.3:a:oracle:mysql:4.0.25:::::::* cpe:2.3:a:oracle:mysql:4.0.24:::::::* cpe:2.3:a:oracle:mysql:4.0.23:::::::* cpe:2.3:a:oracle:mysql:4.0.22:::::::* cpe:2.3:a:oracle:mysql:4.0.21:::::::* cpe:2.3:a:oracle:mysql:4.0.20:::::::* cpe:2.3:a:oracle:mysql:4.0.2:::::::* cpe:2.3:a:oracle:mysql:4.0.19:::::::* cpe:2.3:a:oracle:mysql:4.0.18:::::::* cpe:2.3:a:oracle:mysql:4.0.17:::::::* cpe:2.3:a:oracle:mysql:4.0.16:::::::* cpe:2.3:a:oracle:mysql:4.0.15:::::::* cpe:2.3:a:oracle:mysql:4.0.14:::::::* cpe:2.3:a:oracle:mysql:4.0.13:::::::* cpe:2.3:a:oracle:mysql:4.0.12:::::::* cpe:2.3:a:oracle:mysql:4.0.11:::::::* cpe:2.3:a:oracle:mysql:4.0.11:gamma:::::: cpe:2.3:a:oracle:mysql:4.0.10:::::::* cpe:2.3:a:oracle:mysql:4.0.1:::::::* cpe:2.3:a:oracle:mysql:4.0.0:::::::* cpe:2.3:a:oracle:mysql:3.23.9:::::::* cpe:2.3:a:oracle:mysql:3.23.8:::::::* cpe:2.3:a:oracle:mysql:3.23.7:::::::* cpe:2.3:a:oracle:mysql:3.23.6:::::::* cpe:2.3:a:oracle:mysql:3.23.59:::::::* cpe:2.3:a:oracle:mysql:3.23.58:::::::* cpe:2.3:a:oracle:mysql:3.23.57:::::::* cpe:2.3:a:oracle:mysql:3.23.56:::::::* cpe:2.3:a:oracle:mysql:3.23.55:::::::* cpe:2.3:a:oracle:mysql:3.23.54a:::::::* cpe:2.3:a:oracle:mysql:3.23.54:::::::* cpe:2.3:a:oracle:mysql:3.23.53a:::::::* cpe:2.3:a:oracle:mysql:3.23.53:::::::* cpe:2.3:a:oracle:mysql:3.23.52:::::::* cpe:2.3:a:oracle:mysql:3.23.51:::::::* cpe:2.3:a:oracle:mysql:3.23.50:::::::* cpe:2.3:a:oracle:mysql:3.23.5:::::::* cpe:2.3:a:oracle:mysql:3.23.49:::::::* cpe:2.3:a:oracle:mysql:3.23.48:::::::* cpe:2.3:a:oracle:mysql:3.23.47:::::::* cpe:2.3:a:oracle:mysql:3.23.46:::::::* cpe:2.3:a:oracle:mysql:3.23.45:::::::* cpe:2.3:a:oracle:mysql:3.23.44:::::::* cpe:2.3:a:oracle:mysql:3.23.43:::::::* cpe:2.3:a:oracle:mysql:3.23.42:::::::* cpe:2.3:a:oracle:mysql:3.23.41:::::::* cpe:2.3:a:oracle:mysql:3.23.40:::::::* cpe:2.3:a:oracle:mysql:3.23.4:::::::* cpe:2.3:a:oracle:mysql:3.23.39:::::::* cpe:2.3:a:oracle:mysql:3.23.38:::::::* cpe:2.3:a:oracle:mysql:3.23.37:::::::* cpe:2.3:a:oracle:mysql:3.23.36:::::::* cpe:2.3:a:oracle:mysql:3.23.35:::::::* cpe:2.3:a:oracle:mysql:3.23.34:::::::* cpe:2.3:a:oracle:mysql:3.23.33:::::::* cpe:2.3:a:oracle:mysql:3.23.32:::::::* cpe:2.3:a:oracle:mysql:3.23.31:::::::* cpe:2.3:a:oracle:mysql:3.23.30:::::::* cpe:2.3:a:oracle:mysql:3.23.3:::::::* cpe:2.3:a:oracle:mysql:3.23.29:::::::* cpe:2.3:a:oracle:mysql:3.23.28:::::::* cpe:2.3:a:oracle:mysql:3.23.28:gamma:::::: cpe:2.3:a:oracle:mysql:3.23.27:::::::* cpe:2.3:a:oracle:mysql:3.23.26:::::::* cpe:2.3:a:oracle:mysql:3.23.25:::::::* cpe:2.3:a:oracle:mysql:3.23.24:::::::* cpe:2.3:a:oracle:mysql:3.23.23:::::::* cpe:2.3:a:oracle:mysql:3.23.22:::::::* cpe:2.3:a:oracle:mysql:3.23.21:::::::* cpe:2.3:a:oracle:mysql:3.23.20:beta:::::: cpe:2.3:a:oracle:mysql:3.23.2:::::::* cpe:2.3:a:oracle:mysql:3.23.19:::::::* cpe:2.3:a:oracle:mysql:3.23.18:::::::* cpe:2.3:a:oracle:mysql:3.23.17:::::::* cpe:2.3:a:oracle:mysql:3.23.16:::::::* cpe:2.3:a:oracle:mysql:3.23.15:::::::* cpe:2.3:a:oracle:mysql:3.23.14:::::::* cpe:2.3:a:oracle:mysql:3.23.13:::::::* cpe:2.3:a:oracle:mysql:3.23.12:::::::* cpe:2.3:a:oracle:mysql:3.23.11:::::::* cpe:2.3:a:oracle:mysql:3.23.10:::::::* cpe:2.3:a:oracle:mysql:3.23.1:::::::* cpe:2.3:a:oracle:mysql:3.23.0:alpha:::::: cpe:2.3:a:oracle:mysql:3.23:::::::* cpe:2.3:a:oracle:mysql:3.22.32:::::::* cpe:2.3:a:oracle:mysql:3.22.30:::::::* cpe:2.3:a:oracle:mysql:3.22.29:::::::* cpe:2.3:a:oracle:mysql:3.22.28:::::::* cpe:2.3:a:oracle:mysql:3.22.27:::::::* cpe:2.3:a:oracle:mysql:3.22.26:::::::* cpe:2.3:a:oracle:mysql:3.22:::::::* cpe:2.3:a:oracle:mysql:3.21:::::::* cpe:2.3:a:oracle:mysql:3.20.32a:::::::* cpe:2.3:a:oracle:mysql:3.20:::::::* cpe:2.3:a:oracle:mysql:1.5.1:::::::* cpe:2.3:a:oracle:mysql:::::::: cpe:2.3:a:oracle:mysql:-:::::::*	329
Application	Wolfssl Yassl cpe:2.3:a:wolfssl:yassl::::::::	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:8.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts::: cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*	12
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:6.0:::::::* cpe:2.3:o:debian:debian_linux:5.0:::::::* cpe:2.3:o:debian:debian_linux:4.0:::::::*	3

OpenVAS Exploits

Date	Description
2012-03-16	Name : Ubuntu Update for mysql-5.1 USN-1397-1 File : nvt/gb_ubuntu_USN_1397_1.nasl
2012-02-12	Name : Gentoo Security Advisory GLSA 201201-02 (MySQL) File : nvt/glsa_201201_02.nasl
2011-08-09	Name : CentOS Update for mysql CESA-2009:1289 centos5 i386 File : nvt/gb_CESA-2009_1289_mysql_centos5_i386.nasl
2011-08-09	Name : CentOS Update for mysql CESA-2010:0109 centos5 i386 File : nvt/gb_CESA-2010_0109_mysql_centos5_i386.nasl
2010-08-06	Name : Fedora Update for mysql FEDORA-2010-11126 File : nvt/gb_fedora_2010_11126_mysql_fc12.nasl
2010-06-11	Name : Fedora Update for mysql FEDORA-2010-9061 File : nvt/gb_fedora_2010_9061_mysql_fc11.nasl
2010-06-11	Name : Fedora Update for mysql FEDORA-2010-9053 File : nvt/gb_fedora_2010_9053_mysql_fc12.nasl
2010-05-17	Name : Fedora Update for mysql FEDORA-2010-7414 File : nvt/gb_fedora_2010_7414_mysql_fc12.nasl
2010-05-17	Name : Fedora Update for mysql FEDORA-2010-7355 File : nvt/gb_fedora_2010_7355_mysql_fc11.nasl
2010-05-12	Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-03-02	Name : Fedora Update for mysql FEDORA-2010-1348 File : nvt/gb_fedora_2010_1348_mysql_fc12.nasl
2010-03-02	Name : Fedora Update for mysql FEDORA-2010-1300 File : nvt/gb_fedora_2010_1300_mysql_fc11.nasl
2010-02-22	Name : Mandriva Update for mysql MDVSA-2010:044 (mysql) File : nvt/gb_mandriva_MDVSA_2010_044.nasl
2010-02-19	Name : RedHat Update for mysql RHSA-2010:0109-01 File : nvt/gb_RHSA-2010_0109-01_mysql.nasl
2010-02-19	Name : RedHat Update for mysql RHSA-2010:0110-01 File : nvt/gb_RHSA-2010_0110-01_mysql.nasl
2010-02-19	Name : CentOS Update for mysql CESA-2010:0110 centos4 i386 File : nvt/gb_CESA-2010_0110_mysql_centos4_i386.nasl
2010-02-15	Name : Ubuntu Update for MySQL vulnerabilities USN-897-1 File : nvt/gb_ubuntu_USN_897_1.nasl
2010-01-29	Name : Mandriva Update for mmc MDVA-2010:044 (mmc) File : nvt/gb_mandriva_MDVA_2010_044.nasl
2010-01-19	Name : Mandriva Update for mysql MDVSA-2010:011 (mysql) File : nvt/gb_mandriva_MDVSA_2010_011.nasl
2010-01-19	Name : Mandriva Update for mysql MDVSA-2010:012 (mysql) File : nvt/gb_mandriva_MDVSA_2010_012.nasl
2010-01-11	Name : MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability File : nvt/mysql_37640.nasl
2010-01-04	Name : MySQL Server Buffer Overflow Vulnerability (Linux) File : nvt/secpod_mysql_bof_vuln_lin.nasl
2009-12-30	Name : Fedora Core 11 FEDORA-2009-13504 (mysql) File : nvt/fcore_2009_13504.nasl
2009-12-30	Name : Fedora Core 12 FEDORA-2009-13466 (mysql) File : nvt/fcore_2009_13466.nasl
2009-12-14	Name : Fedora Core 10 FEDORA-2009-12180 (mysql) File : nvt/fcore_2009_12180.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:326 (mysql) File : nvt/mdksa_2009_326.nasl
2009-12-04	Name : MySQL Authenticated Access Restrictions Bypass Vulnerability File : nvt/gb_mysql_auth_bypass_vuln.nasl
2009-12-04	Name : MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux) File : nvt/gb_mysql_auth_bypass_vuln_lin.nasl
2009-12-04	Name : MySQL Denial Of Service and Spoofing Vulnerabilities File : nvt/gb_mysql_dos_n_spoofing_vuln.nasl
2009-11-20	Name : MySQL multiple Vulnerabilities File : nvt/mysql_multiple_vuln.nasl
2009-10-13	Name : SLES10: Security update for MySQL File : nvt/sles10_mysql.nasl
2009-10-13	Name : SLES10: Security update for MySQL File : nvt/sles10_mysql0.nasl
2009-10-11	Name : SLES11: Security update for MySQL File : nvt/sles11_libmysqlclient1.nasl
2009-10-10	Name : SLES9: Security update for MySQL File : nvt/sles9p5040120.nasl
2009-10-10	Name : SLES9: Security update for MySQL File : nvt/sles9p5056120.nasl
2009-09-28	Name : RedHat Security Advisory RHSA-2009:1461 File : nvt/RHSA_2009_1461.nasl
2009-09-21	Name : CentOS Security Advisory CESA-2009:1289 (mysql) File : nvt/ovcesa2009_1289.nasl
2009-09-09	Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl
2009-09-09	Name : RedHat Security Advisory RHSA-2009:1289 File : nvt/RHSA_2009_1289.nasl
2009-09-09	Name : Debian Security Advisory DSA 1877-1 (mysql-dfsg-5.0) File : nvt/deb_1877_1.nasl
2009-08-17	Name : Mandrake Security Advisory MDVSA-2009:179 (mysql) File : nvt/mdksa_2009_179.nasl
2009-07-29	Name : Mandrake Security Advisory MDVSA-2009:159 (mysql) File : nvt/mdksa_2009_159.nasl
2009-07-17	Name : MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities File : nvt/gb_mysql_mult_format_string_vuln.nasl
2009-06-05	Name : RedHat Security Advisory RHSA-2009:1067 File : nvt/RHSA_2009_1067.nasl
2009-06-05	Name : Ubuntu USN-763-1 (xine-lib) File : nvt/ubuntu_763_1.nasl
2009-04-28	Name : Mandrake Security Advisory MDVSA-2009:094 (mysql) File : nvt/mdksa_2009_094.nasl
2009-04-23	Name : MySQL MyISAM Table Privileges Secuity Bypass Vulnerability File : nvt/mysql_29106.nasl
2009-03-23	Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1 File : nvt/gb_ubuntu_USN_671_1.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1) File : nvt/suse_sr_2009_001.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0) File : nvt/suse_sr_2009_001a.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3) File : nvt/suse_sr_2009_001b.nasl
2009-01-02	Name : FreeBSD Ports: mysql-server File : nvt/freebsd_mysql-server15.nasl
2008-11-19	Name : Debian Security Advisory DSA 1662-1 (mysql-dfsg-5.0) File : nvt/deb_1662_1.nasl
2008-10-03	Name : FreeBSD Ports: mysql-client File : nvt/freebsd_mysql-client0.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
61956	yaSSL Certificate Name Handling Overflow
60665	MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restricti...
60664	MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restri...
60489	MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
60488	MySQL SELECT Statement WHERE Clause Sub-query DoS
55734	MySQL sql_parse.cc dispatch_command() Function Format String DoS
48710	MySQL Command Line Client HTML Output XSS
44937	MySQL MyISAM Table CREATE TABLE Privilege Check Bypass

Snort® IPS/IDS

Date	Description
2014-01-10	Database SELECT subquery denial of service attempt RuleID : 20053 - Revision : 7 - Type : SERVER-MYSQL
2014-01-10	mysql_log COM_DROP_DB format string vulnerability exploit attempt RuleID : 16708 - Revision : 8 - Type : SERVER-MYSQL
2014-01-10	mysql_log COM_CREATE_DB format string vulnerability exploit attempt RuleID : 16707 - Revision : 8 - Type : SERVER-MYSQL
2014-01-10	yaSSL library cert parsing stack overflow attempt RuleID : 16385 - Revision : 7 - Type : SERVER-MYSQL
2014-01-10	database Procedure Analyse denial of service attempt - 2 RuleID : 16349 - Revision : 7 - Type : SERVER-MYSQL
2014-01-10	database PROCEDURE ANALYSE denial of service attempt - 1 RuleID : 16348 - Revision : 7 - Type : SERVER-MYSQL

Nessus® Vulnerability Scanner

Date	Description
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_mysql_20130924.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0121.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0109.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO
2012-11-15	Name : The remote database server is affected by a local user to bypass privilege ce... File : mysql_5_0_95_create_table_bypass.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100216_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100216_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-03-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO
2012-01-18	Name : Access restrictions can be bypassed on the remote database server. File : mysql_6_0_9.nasl - Type : ACT_GATHER_INFO
2012-01-18	Name : The remote database server is affected by several buffer overflow vulnerabili... File : mysql_5_1_43_yaSSL.nasl - Type : ACT_GATHER_INFO
2012-01-16	Name : The remote database server is prone to a denial of service attack. File : mysql_5_0_38.nasl - Type : ACT_GATHER_INFO
2012-01-16	Name : A remote database client have a cross-site scripting vulnerability. File : mysql_6_0_14_XSS.nasl - Type : ACT_GATHER_INFO
2012-01-06	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO
2010-12-02	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-100429.nasl - Type : ACT_GATHER_INFO
2010-11-09	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12661.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-6899.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-012.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-044.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1348.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1300.nasl - Type : ACT_GATHER_INFO
2010-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libmysqlclient-devel-100504.nasl - Type : ACT_GATHER_INFO
2010-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmysqlclient-devel-100401.nasl - Type : ACT_GATHER_INFO
2010-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libmysqlclient-devel-100401.nasl - Type : ACT_GATHER_INFO
2010-05-04	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libmysqlclient-devel-091216.nasl - Type : ACT_GATHER_INFO
2010-05-04	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmysqlclient-devel-091216.nasl - Type : ACT_GATHER_INFO
2010-05-04	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libmysqlclient-devel-091215.nasl - Type : ACT_GATHER_INFO
2010-03-29	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-19	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-6897.nasl - Type : ACT_GATHER_INFO
2010-03-02	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0109.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1997.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1877.nasl - Type : ACT_GATHER_INFO
2010-02-18	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2010-02-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0109.nasl - Type : ACT_GATHER_INFO
2010-02-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2010-02-11	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-897-1.nasl - Type : ACT_GATHER_INFO
2010-01-18	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-011.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO
2009-12-22	Name : The remote Fedora host is missing a security update. File : fedora_2009-13504.nasl - Type : ACT_GATHER_INFO
2009-12-22	Name : The remote Fedora host is missing a security update. File : fedora_2009-13466.nasl - Type : ACT_GATHER_INFO
2009-12-14	Name : The remote Fedora host is missing a security update. File : fedora_2009-12180.nasl - Type : ACT_GATHER_INFO
2009-12-08	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-326.nasl - Type : ACT_GATHER_INFO
2009-11-25	Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_41.nasl - Type : ACT_GATHER_INFO
2009-11-25	Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_0_88.nasl - Type : ACT_GATHER_INFO
2009-10-06	Name : The remote openSUSE host is missing a security update. File : suse_libmysqlclient-devel-6360.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-6446.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12456.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12256.nasl - Type : ACT_GATHER_INFO
2009-08-27	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-08-27	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-07-28	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-159.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libmysqlclient-devel-080919.nasl - Type : ACT_GATHER_INFO
2009-04-30	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1783.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-671-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-094.nasl - Type : ACT_GATHER_INFO
2008-12-30	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_738f8f9ed66111dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-21	Name : The remote openSUSE host is missing a security update. File : suse_libmysqlclient-devel-5619.nasl - Type : ACT_GATHER_INFO
2008-12-01	Name : The remote openSUSE host is missing a security update. File : suse_mysql-5613.nasl - Type : ACT_GATHER_INFO
2008-11-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-5618.nasl - Type : ACT_GATHER_INFO
2008-11-09	Name : The remote database server is susceptible to a privilege bypass attack. File : mysql_es_5_0_70.nasl - Type : ACT_GATHER_INFO
2008-11-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1662.nasl - Type : ACT_GATHER_INFO
2008-10-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4775c8078f3011dd821f001cc0377035.nasl - Type : ACT_GATHER_INFO
2008-09-11	Name : The remote database server is affected by several issues. File : mysql_5_0_67.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:06:35	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	6
Oval ID(s)	19
CPE ID(s)	354
osvdb(s)	8
Openvas Exploit(s)	54
Snort® Rule(s)	6
Nessus® Exploit(s)	68

	Related
8.5	CVE-2009-2446
7.5	CVE-2009-4484
6	CVE-2008-7247
4.6	CVE-2008-4098
4.4	CVE-2009-4030
4	CVE-2009-4019
2.6	CVE-2008-4456
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 7 more Alert(s)