|
Family: Ubuntu Local Security Checks --> Category: infos
USN283-1 : mysql-dfsg-4.1, mysql-dfsg vulnerabilities Vulnerability Scan
Vulnerability Scan Summary mysql-dfsg-4.1, mysql-dfsg vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libmysqlclient12
- libmysqlclient12-dev
- libmysqlclient14
- libmysqlclient14-dev
- mysql-client
- mysql-client-4.1
- mysql-common
- mysql-common-4.1
- mysql-server
- mysql-server-4.1
Description :
Stefano Di Paola discovered an information leak in the login packet
parser. By sending a specially crafted malformed login packet, a
remote attacker could exploit this to read a random piece of memory,
which could potentially reveal sensitive data. (CVE-2006-1516)
Stefano Di Paola also found a similar information leak in the parser
for the COM_TABLE_DUMP request. (CVE-2006-1517)
Solution :
Upgrade to :
- libmysqlclient12-4.0.24-10ubuntu2.2 (Ubuntu 5.10)
- libmysqlclient12-dev-4.0.24-10ubuntu2.2 (Ubuntu 5.10)
- libmysqlclient14-4.1.12-1ubuntu3.3 (Ubuntu 5.10)
- libmysqlclient14-dev-4.1.12-1ubuntu3.3 (Ubuntu 5.10)
- mysql-client-4.0.24-10ubuntu2.2 (Ubuntu 5.10)
- mysql-client-4.1-4.1.12-1ubuntu3.3 (Ubuntu 5.10)
- mysql-common-4.0.24-10ubuntu2.2 (Ubuntu 5.10)
- mysql-common-4.1-4.1.12-1ubuntu3.3 (Ubuntu 5.10)
- mysql-server-4.0.24-10ubuntu2.2 (Ubuntu 5.10)
- mysql-server-4.1-4.1.12-1ubuntu3.3
[...]
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|