Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2005-348: mysql Vulnerability Scan


Vulnerability Scan Summary
Check for the version of the mysql packages

Detailed Explanation for this Vulnerability Test


Updated mysql-server packages that fix several vulnerabilities are now
available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes several security risks in the MySQL server.

Stefano Di Paola discovered two bugs in the way MySQL handles user-defined
functions. A user with the ability to create and execute a user defined
function could potentially execute arbitrary code on the MySQL server. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CVE-2005-0709 and CVE-2005-0710 to these issues.

Stefano Di Paola also discovered a bug in the way MySQL creates temporary
tables. A local user could create a specially crafted symlink which could
result in the MySQL server overwriting a file which it has write access to.
The Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-0711 to this issue.

All users of the MySQL server are advised to upgrade to these updated
packages, which contain fixes for these issues.




Solution : http://rhn.redhat.com/errata/RHSA-2005-348.html
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.