oval:org.mitre.oval:def:13286

Definition Id: oval:org.mitre.oval:def:13286

Oval ID:	oval:org.mitre.oval:def:13286
Title:	DSA-2057-1 mysql-dfsg-5.0 -- several
Description:	Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1626 MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. CVE-2010-1848 MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. CVE-2010-1849 MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. CVE-2010-1850 MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. For the stable distribution, these problems have been fixed in version 5.0.51a-24+lenny4 The testing and unstable distribution do not contain mysql-dfsg-5.0 anymore. We recommend that you upgrade your mysql-dfsg-5.0 package.
Family:	unix	Class:	patch
Reference(s):	DSA-2057-1 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independet section Installed architecture is all AND Packages section mysql-client DPKG is earlier than 5.0.51a-24+lenny4 AND mysql-common DPKG is earlier than 5.0.51a-24+lenny4 AND mysql-server DPKG is earlier than 5.0.51a-24+lenny4 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmysqlclient15-dev DPKG is earlier than 5.0.51a-24+lenny4 AND mysql-client-5.0 DPKG is earlier than 5.0.51a-24+lenny4 AND mysql-server-5.0 DPKG is earlier than 5.0.51a-24+lenny4 AND libmysqlclient15off DPKG is earlier than 5.0.51a-24+lenny4

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:13286

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0172s

Facebook rss twitter linkedin mail