oval:org.mitre.oval:def:11765

Definition Id: oval:org.mitre.oval:def:11765

Oval ID:	oval:org.mitre.oval:def:11765
Title:	DSA-2057 mysql-dfsg-5.0 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code.
Family:	unix	Class:	patch
Reference(s):	DSA-2057 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND Packages section mysql-client is earlier than 5.0.51a-24+lenny4 AND mysql-common is earlier than 5.0.51a-24+lenny4 AND mysql-server is earlier than 5.0.51a-24+lenny4 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev is earlier than 5.0.51a-24+lenny4 AND mysql-client-5.0 is earlier than 5.0.51a-24+lenny4 AND mysql-server-5.0 is earlier than 5.0.51a-24+lenny4 AND libmysqlclient15off is earlier than 5.0.51a-24+lenny4

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:11765

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0163s

Facebook rss twitter linkedin mail