[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2009:326 -- Mandriva mysql

ID: oval:org.secpod.oval:def:300632Date: (C)2012-01-07   (M)2017-10-04
Class: PATCHFamily: unix




Multiple vulnerabilities has been found and corrected in mysql: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b"" token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service by using this token in a SQL statement . MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097 . Cross-site scripting vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document . Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service and possibly have unspecified other impact via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. NOTE: some of these details are obtained from third party information . Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability.

Platform:
Mandriva Linux 2008.0
Product:
mysql
Reference:
MDVSA-2009:326
CVE-2009-2446
CVE-2008-4456
CVE-2008-4098
CVE-2008-3963
CVE    4
CVE-2009-2446
CVE-2008-3963
CVE-2008-4098
CVE-2008-4456
...
CPE    23
cpe:/o:mandriva:linux:2008.0
cpe:/o:canonical:ubuntu_linux:7.10
cpe:/a:mysql:mysql:5.0.52
cpe:/a:mysql:mysql:5.0.44:sp1
...

© 2013 SecPod Technologies