French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes MySQL Security Bypass and DoS Issues

Title : Mandriva Security Update Fixes MySQL Security Bypass and DoS Issues
Advisory ID : FrSIRT/ADV-2008-0190
CVE ID : CVE-2007-6303 - CVE-2007-6304
Rated as : Moderate Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-01-21

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Multiple vulnerabilities have been idenitified in Mandriva, which could be exploited by malicious users to bypass security restrictions, disclose sensitive information or cause a denial of service [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2008.0:
064fdb51177ab133c998acdbc71e348e 2008.0/i586/libmysql-devel-5.0.45-7.2mdv2008.0.i586.rpm
3cf962a1ea6d9606188d475837a80769 2008.0/i586/libmysql-static-devel-5.0.45-7.2mdv2008.0.i586.rpm
c282c301f8b3701f5f1679232f6a77b2 2008.0/i586/libmysql15-5.0.45-7.2mdv2008.0.i586.rpm
ca9a4284a8b0ca5bc66d6f907864ff2a 2008.0/i586/mysql-5.0.45-7.2mdv2008.0.i586.rpm
3e204768691a5dc721c3c06d9304e748 2008.0/i586/mysql-bench-5.0.45-7.2mdv2008.0.i586.rpm
fcaacf047dcab80fcd8eaec9e98e6edf 2008.0/i586/mysql-client-5.0.45-7.2mdv2008.0.i586.rpm
c8ceff5ee5f62e4cb881b3102fb5f55d 2008.0/i586/mysql-common-5.0.45-7.2mdv2008.0.i586.rpm
3b16d86484d5af6f37f52d3f3fd45d43 2008.0/i586/mysql-max-5.0.45-7.2mdv2008.0.i586.rpm
2200e4602cf8665cb9d03584ded522c1 2008.0/i586/mysql-ndb-extra-5.0.45-7.2mdv2008.0.i586.rpm
10787f09ff4219df9be485b78ec6b6a2 2008.0/i586/mysql-ndb-management-5.0.45-7.2mdv2008.0.i586.rpm
3b61d7d7dee486c33d0c80cb7cb08cfa 2008.0/i586/mysql-ndb-storage-5.0.45-7.2mdv2008.0.i586.rpm
6b1a5f5634551b370b52072d8c72f32a 2008.0/i586/mysql-ndb-tools-5.0.45-7.2mdv2008.0.i586.rpm
4e88830ddc47197339424eed0b182542 2008.0/SRPMS/mysql-5.0.45-7.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
bd846e77dcc332aeabc87804a51dbfa0 2008.0/x86_64/lib64mysql-devel-5.0.45-7.2mdv2008.0.x86_64.rpm
bf77fdd2232ad293d78ae9292062132e 2008.0/x86_64/lib64mysql-static-devel-5.0.45-7.2mdv2008.0.x86_64.rpm
3056a37c767226f9b79d8010db4088bb 2008.0/x86_64/lib64mysql15-5.0.45-7.2mdv2008.0.x86_64.rpm
39136e88f94076453c6ebb40665b9afa 2008.0/x86_64/mysql-5.0.45-7.2mdv2008.0.x86_64.rpm
435e64cc3d4f3ccdae6bf24bde758c34 2008.0/x86_64/mysql-bench-5.0.45-7.2mdv2008.0.x86_64.rpm
b36f345d0172cee3a927dffa89684ac0 2008.0/x86_64/mysql-client-5.0.45-7.2mdv2008.0.x86_64.rpm
913836ec3b4a50a7ebb02474382fa1e6 2008.0/x86_64/mysql-common-5.0.45-7.2mdv2008.0.x86_64.rpm
584ded4a650873d0953899976da600c4 2008.0/x86_64/mysql-max-5.0.45-7.2mdv2008.0.x86_64.rpm
0ab53478118d684710bcaece17ca9e4f 2008.0/x86_64/mysql-ndb-extra-5.0.45-7.2mdv2008.0.x86_64.rpm
4a7b1b5fb9ab0e81cd731e3a2ce9aa03 2008.0/x86_64/mysql-ndb-management-5.0.45-7.2mdv2008.0.x86_64.rpm
5e5cf00f23eb70799d677c758227f035 2008.0/x86_64/mysql-ndb-storage-5.0.45-7.2mdv2008.0.x86_64.rpm
442688c38754b05bbb655f2301fd253a 2008.0/x86_64/mysql-ndb-tools-5.0.45-7.2mdv2008.0.x86_64.rpm
4e88830ddc47197339424eed0b182542 2008.0/SRPMS/mysql-5.0.45-7.2mdv2008.0.src.rpm

ChangeLog

2008-01-21 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Sun Solaris Covert Channel Local Security Bypass Vulnerability

Sun Solaris NFS RPC Zone Denial of Service Vulnerability

Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability

Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability

Sun Java System Portal Server Cross Site Scripting Vulnerability

Sun rdesktop Code Execution and Denial of Service

Sun Java System Web Proxy Server Denial of Service Vulnerability

Microsoft Visual Studio "Msmask32" Code Execution Vulnerability

Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)

Microsoft Windows Messenger Data Disclosure (MS08-050)

Microsoft Windows Event System Code Execution (MS08-049)

Microsoft Outlook and Mail Security Bypass Vulnerability (MS08-048)

Microsoft Windows IPsec Policy Data Disclosure Vulnerability (MS08-047)

Microsoft Windows MSCMS Code Execution Vulnerability (MS08-046)

Oracle Products Multiple Code Execution and Security Bypass Issues

Oracle Products Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy