MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)
2009-12-04T00:00:00
ID OPENVAS:1361412562310801065 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2019-03-07T00:00:00
Description
The host is running MySQL and is prone to an access restrictions bypass
vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_mysql_auth_bypass_vuln_lin.nasl 14031 2019-03-07 10:47:29Z cfischer $
#
# MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)
#
# Authors:
# Antu Sanadi <santu@secpod.com>
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# CPE identifier passed to get_app_port()/get_app_version() in the detection
# code after this block.
CPE = "cpe:/a:mysql:mysql";
# Metadata branch: taken only when `description` is true. It registers the
# script's identifiers and tags and ends with exit(0), so none of the
# detection code after the closing brace runs in that mode.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.801065");
script_version("$Revision: 14031 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $");
script_tag(name:"creation_date", value:"2009-12-04 14:17:59 +0100 (Fri, 04 Dec 2009)");
# CVSS v2 vector: Au:S means the attacker needs one valid login, which matches
# the "Authenticated" wording in the script name.
script_tag(name:"cvss_base", value:"6.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_cve_id("CVE-2008-7247");
script_name("MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
# NOTE(review): the family is "Denial of Service", while the name, summary and
# impact tags all describe an access-restriction bypass - confirm the family.
script_family("Denial of Service");
# The quality-of-detection type marks this as a banner-based result flagged as
# unreliable: a finding rests on the reported version string only, so a
# distribution build that backports the fix without changing the version can
# still be reported. Confirm the patch level on the host before acting on it.
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_dependencies("mysql_version.nasl");
script_require_ports("Services/mysql", 3306);
# The only mandatory key is "MySQL/installed"; no operating-system key is
# required here even though the script name ends in "(Linux)".
script_mandatory_keys("MySQL/installed");
script_tag(name:"impact", value:"Successful exploitation could allow users to bypass intended access restrictions
by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring to a subdirectory.");
script_tag(name:"affected", value:"MySQL 5.0.x before 5.0.88, 5.1.x before 5.1.41, 6.0 before 6.0.9-alpha.");
# Precondition stated by the insight tag: the data home directory has to
# contain a symlink to a different filesystem. This script does not test for
# that condition; it compares version numbers only.
script_tag(name:"insight", value:"The flaw is due to an error in 'sql/sql_table.cc', when the data home directory
contains a symlink to a different filesystem.");
script_tag(name:"solution", value:"Upgrade to MySQL version 5.0.88 or 5.1.41 or 6.0.9-alpha.");
script_tag(name:"summary", value:"The host is running MySQL and is prone to Access Restrictions Bypass
Vulnerability.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://lists.mysql.com/commits/59711");
script_xref(name:"URL", value:"http://bugs.mysql.com/bug.php?id=39277");
script_xref(name:"URL", value:"http://marc.info/?l=oss-security&m=125908040022018&w=2");
script_xref(name:"URL", value:"http://dev.mysql.com/downloads");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
# Detection logic: a pure version comparison. Nothing in this block checks the
# host operating system or the symlink precondition named in the insight tag.
#
# Look up the MySQL port and version for the CPE (presumably recorded by the
# mysql_version.nasl dependency - confirm). If either lookup returns nothing
# the script exits with 0 and reports nothing.
if(!sqlPort = get_app_port(cpe:CPE))
exit(0);
if(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))
exit(0);
# Keep the first run of digits, dots and lowercase letters. The hyphen is not
# in the character class, so a suffix such as "-alpha" is cut off here.
# NOTE(review): the pattern is unanchored; if the version string could start
# with lowercase text, that text would be captured instead - confirm the
# format get_app_version() returns.
mysqlVer = eregmatch(pattern:"([0-9.a-z]+)", string:mysqlVer);
if(!mysqlVer[1])
exit(0);
# Branches 5.0 and 5.1: report when the version lies in 5.0 .. 5.0.87 or
# 5.1 .. 5.1.40.
# NOTE(review): the NVD text for CVE-2008-7247 gives these ranges as
# "5.0.x through 5.0.88" and "5.1.x through 5.1.41", which would include the
# two releases this check treats as fixed. Confirm the upper bounds against
# the vendor release notes; if NVD is right, 5.0.88 and 5.1.41 are missed.
if(version_in_range(version:mysqlVer[1], test_version:"5.0",test_version2:"5.0.87") ||
version_in_range(version:mysqlVer[1], test_version:"5.1",test_version2:"5.1.40")){
report = report_fixed_ver(installed_version:mysqlVer[1], fixed_version:"5.0.88/5.1.41");
security_message(port:sqlPort, data:report);
exit(0);
}
# Branch 6.x: reached only when neither 5.x range matched.
# NOTE(review): because the "-alpha" suffix was cut off above, the fixed
# release 6.0.9-alpha is compared as "6.0.9". Whether version_is_less() ranks
# "6.0.9" below "6.0.9a" depends on version_func.inc, which is not shown here -
# confirm the fixed release is not reported as vulnerable.
else if(mysqlVer[1] =~ "^6\.")
{
if(version_is_less(version:mysqlVer[1],test_version:"6.0.9a")){
report = report_fixed_ver(installed_version:mysqlVer[1], fixed_version:"6.0.9a");
security_message(port:sqlPort, data:report);
exit(0);
}
}
# Reached for every version that matched none of the checks above, including
# versions outside the 5.0, 5.1 and 6.x branches. Exit code 99 appears to mean
# "checked, not affected" - confirm against the scanner's conventions.
exit(99);
{"id": "OPENVAS:1361412562310801065", "type": "openvas", "bulletinFamily": "scanner", "title": "MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)", "description": "The host is running MySQL and is prone to Access Restrictions Bypass\n Vulnerability.", "published": "2009-12-04T00:00:00", "modified": "2019-03-07T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801065", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://lists.mysql.com/commits/59711", "http://marc.info/?l=oss-security&m=125908040022018&w=2", "http://dev.mysql.com/downloads", "http://bugs.mysql.com/bug.php?id=39277"], "cvelist": ["CVE-2008-7247"], "lastseen": "2019-05-29T18:40:24", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-7247"]}, {"type": "nessus", "idList": ["SUSE_11_2_LIBMYSQLCLIENT-DEVEL-091215.NASL", "MYSQL_5_0_88.NASL", "SUSE_11_2_LIBMYSQLCLIENT-DEVEL-100401.NASL", "FEDORA_2010-1348.NASL", "MYSQL_6_0_9.NASL", "MYSQL_5_1_41.NASL", "MANDRIVA_MDVSA-2010-044.NASL", "SUSE_11_0_LIBMYSQLCLIENT-DEVEL-091216.NASL", "SOLARIS11_MYSQL_20130924.NASL", "FEDORA_2010-1300.NASL"]}, {"type": "seebug", "idList": ["SSV:15004", "SSV:19118"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830902", "OPENVAS:830850", "OPENVAS:830902", "OPENVAS:1361412562310861936", "OPENVAS:861651", "OPENVAS:861936", "OPENVAS:1361412562310861651", "OPENVAS:1361412562310861707", "OPENVAS:1361412562310830850", "OPENVAS:861707"]}, {"type": "ubuntu", "idList": ["USN-1397-1", "USN-897-1"]}, {"type": "gentoo", "idList": ["GLSA-201201-02"]}, {"type": "threatpost", "idList": ["THREATPOST:4F867C686B7E31697E158FBD04A5DD35"]}], "modified": "2019-05-29T18:40:24", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2019-05-29T18:40:24", "rev": 2}, "vulnersScore": 6.5}, "pluginID": "1361412562310801065", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_auth_bypass_vuln_lin.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:mysql:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801065\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-04 14:17:59 +0100 (Fri, 04 Dec 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-7247\");\n script_name(\"MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n 
script_dependencies(\"mysql_version.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow users to bypass intended access restrictions\n by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring to a subdirectory.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.0.x before 5.0.88, 5.1.x before 5.1.41, 6.0 before 6.0.9-alpha.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error in 'sql/sql_table.cc', when the data home directory\n contains a symlink to a different filesystem.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to MySQL version 5.0.88 or 5.1.41 or 6.0.9-alpha.\");\n\n script_tag(name:\"summary\", value:\"The host is running MySQL and is prone to Access Restrictions Bypass\n Vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://lists.mysql.com/commits/59711\");\n script_xref(name:\"URL\", value:\"http://bugs.mysql.com/bug.php?id=39277\");\n script_xref(name:\"URL\", value:\"http://marc.info/?l=oss-security&m=125908040022018&w=2\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/downloads\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE))\n exit(0);\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))\n exit(0);\n\nmysqlVer = eregmatch(pattern:\"([0-9.a-z]+)\", string:mysqlVer);\nif(!mysqlVer[1])\n exit(0);\n\nif(version_in_range(version:mysqlVer[1], test_version:\"5.0\",test_version2:\"5.0.87\") ||\n version_in_range(version:mysqlVer[1], test_version:\"5.1\",test_version2:\"5.1.40\")){\n report = report_fixed_ver(installed_version:mysqlVer[1], fixed_version:\"5.0.88/5.1.41\");\n security_message(port:sqlPort, data:report);\n exit(0);\n}\n\nelse if(mysqlVer[1] =~ \"^6\\.\")\n{\n 
if(version_is_less(version:mysqlVer[1],test_version:\"6.0.9a\")){\n report = report_fixed_ver(installed_version:mysqlVer[1], fixed_version:\"6.0.9a\");\n security_message(port:sqlPort, data:report);\n exit(0);\n }\n}\n\nexit(99);", "naslFamily": "Denial of Service"}
{"cve": [{"lastseen": "2020-10-03T11:51:06", "description": "sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.", "edition": 4, "cvss3": {}, "published": "2009-11-30T17:30:00", "title": "CVE-2008-7247", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7247"], "modified": "2019-12-17T20:26:00", "cpe": ["cpe:/a:oracle:mysql:5.0.27", "cpe:/a:mysql:mysql:5.0.4", "cpe:/a:mysql:mysql:5.1.23", "cpe:/a:oracle:mysql:6.0.4", "cpe:/a:oracle:mysql:5.1.13", "cpe:/a:mysql:mysql:5.0.0", "cpe:/a:oracle:mysql:5.0.81", "cpe:/a:oracle:mysql:5.1.17", "cpe:/a:oracle:mysql:5.1.30", "cpe:/a:oracle:mysql:5.1.21", "cpe:/a:oracle:mysql:5.0.30", "cpe:/a:mysql:mysql:5.0.5", "cpe:/a:oracle:mysql:5.1", "cpe:/a:oracle:mysql:5.1.16", "cpe:/a:oracle:mysql:5.0.12", "cpe:/a:oracle:mysql:5.0.38", "cpe:/a:oracle:mysql:5.0.51", "cpe:/a:mysql:mysql:5.0.66", "cpe:/a:oracle:mysql:5.0.7", "cpe:/a:oracle:mysql:5.0.19", "cpe:/a:mysql:mysql:5.0.60", "cpe:/a:oracle:mysql:6.0.2", "cpe:/a:oracle:mysql:5.0.23", "cpe:/a:mysql:mysql:5.0.1", "cpe:/a:oracle:mysql:6.0.1", "cpe:/a:mysql:mysql:5.0.24", "cpe:/a:oracle:mysql:5.1.3", "cpe:/a:oracle:mysql:5.0.21", 
"cpe:/a:oracle:mysql:5.0.33", "cpe:/a:oracle:mysql:5.1.8", "cpe:/a:oracle:mysql:5.1.11", "cpe:/a:oracle:mysql:5.0.0", "cpe:/a:mysql:mysql:5.0.22.1.0.1", "cpe:/a:oracle:mysql:5.0.26", "cpe:/a:oracle:mysql:5.1.14", "cpe:/a:oracle:mysql:5.1.1", "cpe:/a:oracle:mysql:5.1.2", "cpe:/a:oracle:mysql:5.0.32", "cpe:/a:mysql:mysql:5.0.20", "cpe:/a:oracle:mysql:5.1.4", "cpe:/a:oracle:mysql:5.1.18", "cpe:/a:oracle:mysql:5.0.52", "cpe:/a:oracle:mysql:5.1.10", "cpe:/a:oracle:mysql:5.1.12", "cpe:/a:mysql:mysql:5.0.30", "cpe:/a:mysql:mysql:5.0.3", "cpe:/a:oracle:mysql:5.0.13", "cpe:/a:oracle:mysql:5.0.45", "cpe:/a:oracle:mysql:5.1.22", "cpe:/a:mysql:mysql:5.0.54", "cpe:/a:mysql:mysql:5.1.32", "cpe:/a:mysql:mysql:5.0.2", "cpe:/a:oracle:mysql:5.0.83", "cpe:/a:oracle:mysql:5.0.41", "cpe:/a:mysql:mysql:5.0.16", "cpe:/a:oracle:mysql:5.1.19", "cpe:/a:oracle:mysql:5.1.9", "cpe:/a:oracle:mysql:5.0.14", "cpe:/a:oracle:mysql:5.0.11", "cpe:/a:oracle:mysql:5.0.75", "cpe:/a:mysql:mysql:5.0.56", "cpe:/a:mysql:mysql:5.0.44", "cpe:/a:oracle:mysql:5.1.15", "cpe:/a:oracle:mysql:5.0.25", "cpe:/a:oracle:mysql:5.0.8", "cpe:/a:mysql:mysql:5.0.5.0.21", "cpe:/a:mysql:mysql:5.1.5", "cpe:/a:oracle:mysql:6.0.3", "cpe:/a:oracle:mysql:5.0.77", "cpe:/a:oracle:mysql:5.1.6", "cpe:/a:mysql:mysql:5.0.15", "cpe:/a:oracle:mysql:5.0.6", "cpe:/a:oracle:mysql:6.0.0", "cpe:/a:mysql:mysql:5.0.82", "cpe:/a:oracle:mysql:5.1.20", "cpe:/a:mysql:mysql:5.0.36", "cpe:/a:mysql:mysql:6.0.9", "cpe:/a:oracle:mysql:5.0.3", "cpe:/a:mysql:mysql:5.0.10", "cpe:/a:oracle:mysql:5.0.37", "cpe:/a:oracle:mysql:5.1.7", "cpe:/a:oracle:mysql:5.0.50", "cpe:/a:oracle:mysql:5.0.42", "cpe:/a:oracle:mysql:5.0.18", "cpe:/a:oracle:mysql:5.0.22", "cpe:/a:mysql:mysql:5.0.17"], "id": "CVE-2008-7247", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7247", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*", 
"cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": 
"2018-01-18T11:05:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247"], "description": "Check for the Version of mysql", "modified": "2018-01-17T00:00:00", "published": "2010-02-22T00:00:00", "id": "OPENVAS:1361412562310830902", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830902", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2010:044 (mysql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mysql MDVSA-2010:044 (mysql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in mysql:\n\n MySQL is vulnerable to a symbolic link attack when the data home\n directory contains a symlink to a different filesystem which allows\n remote authenticated users to bypass intended access restrictions\n (CVE-2008-7247).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"mysql on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-02/msg00046.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830902\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-22 13:38:33 +0100 (Mon, 22 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:044\");\n script_cve_id(\"CVE-2008-7247\");\n script_name(\"Mandriva Update for mysql MDVSA-2010:044 (mysql)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common-core\", rpm:\"mysql-common-core~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-core\", 
rpm:\"mysql-core~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:05:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247"], "description": "Check for the Version of mmc", "modified": "2018-01-18T00:00:00", "published": "2010-01-29T00:00:00", "id": "OPENVAS:1361412562310830850", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830850", "type": "openvas", "title": "Mandriva Update for mmc MDVA-2010:044 (mmc)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mmc MDVA-2010:044 (mmc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is a bundle of MDS related packages that fixes numerous bugs.\n\n mmc-agent:\n * Fix password injection in LDIF file when running adduser hook\n * Set default value of shadowExpire to -1 to avoid account expiration\n messages\n * Fix bad peer reported by the connection debug message\n * Fix provisioning when authenticating using the local LDAP\n * Support for RFC3062 extended password change operation\n * The MDVA-2009:216 update caused regressions that is now fixed\n (#55912):\n * use %%py_puresitedir instead of %%py_platsitedir (misc)\n * remove arch dependent references\n \n mmc-web-base:\n * fix MMC login page with regards to the connect button and the\n language select widget\n * Update to scriptaculous V 1.8.3 (correct some problems when using\n with IE)\n * Ask web browser not to autocomplete input fields #52654\n * Fix password update bug #52654\n * New icons needed for Pulse 2\n \n mmc-web-network:\n * French translation update #52936\n * Spanish translation update\n \n mmc-web-samba:\n * French translation update #52936\n \n mmc-wizard:\n * fixes a typo error in mds.ini: shadowExpore instead of shadowExpire\n in [userDefault] (#57249).\";\n\ntag_affected = \"mmc on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-01/msg00081.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830850\");\n script_version(\"$Revision: 8457 $\");\n script_cve_id(\"CVE-2008-7247\");\n 
script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-29 14:09:25 +0100 (Fri, 29 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:044\");\n script_name(\"Mandriva Update for mmc MDVA-2010:044 (mmc)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mmc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mmc-agent\", rpm:\"mmc-agent~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mmc-web-base\", rpm:\"mmc-web-base~2.3.2~0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mmc-web-network\", rpm:\"mmc-web-network~2.3.2~0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mmc-web-samba\", rpm:\"mmc-web-samba~2.3.2~0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mmc-wizard\", 
rpm:\"mmc-wizard~1.0~13.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-base\", rpm:\"python-mmc-base~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-mail\", rpm:\"python-mmc-mail~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-network\", rpm:\"python-mmc-network~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-proxy\", rpm:\"python-mmc-proxy~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-samba\", rpm:\"python-mmc-samba~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247"], "description": "Check for the Version of mmc", "modified": "2017-12-21T00:00:00", "published": "2010-01-29T00:00:00", "id": "OPENVAS:830850", "href": "http://plugins.openvas.org/nasl.php?oid=830850", "type": "openvas", "title": "Mandriva Update for mmc MDVA-2010:044 (mmc)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mmc MDVA-2010:044 (mmc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as 
published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is a bundle of MDS related packages that fixes numerous bugs.\n\n mmc-agent:\n * Fix password injection in LDIF file when running adduser hook\n * Set default value of shadowExpire to -1 to avoid account expiration\n messages\n * Fix bad peer reported by the connection debug message\n * Fix provisioning when authenticating using the local LDAP\n * Support for RFC3062 extended password change operation\n * The MDVA-2009:216 update caused regressions that is now fixed\n (#55912):\n * use %%py_puresitedir instead of %%py_platsitedir (misc)\n * remove arch dependent references\n \n mmc-web-base:\n * fix MMC login page with regards to the connect button and the\n language select widget\n * Update to scriptaculous V 1.8.3 (correct some problems when using\n with IE)\n * Ask web browser not to autocomplete input fields #52654\n * Fix password update bug #52654\n * New icons needed for Pulse 2\n \n mmc-web-network:\n * French translation update #52936\n * Spanish translation update\n \n mmc-web-samba:\n * French translation update #52936\n \n mmc-wizard:\n * fixes a typo error in mds.ini: shadowExpore instead of shadowExpire\n in [userDefault] (#57249).\";\n\ntag_affected = \"mmc on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n 
script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-01/msg00081.php\");\n script_id(830850);\n script_version(\"$Revision: 8205 $\");\n script_cve_id(\"CVE-2008-7247\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-29 14:09:25 +0100 (Fri, 29 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:044\");\n script_name(\"Mandriva Update for mmc MDVA-2010:044 (mmc)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mmc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mmc-agent\", rpm:\"mmc-agent~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mmc-web-base\", rpm:\"mmc-web-base~2.3.2~0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mmc-web-network\", rpm:\"mmc-web-network~2.3.2~0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res 
= isrpmvuln(pkg:\"mmc-web-samba\", rpm:\"mmc-web-samba~2.3.2~0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mmc-wizard\", rpm:\"mmc-wizard~1.0~13.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-base\", rpm:\"python-mmc-base~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-mail\", rpm:\"python-mmc-mail~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-network\", rpm:\"python-mmc-network~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-proxy\", rpm:\"python-mmc-proxy~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-mmc-samba\", rpm:\"python-mmc-samba~2.3.2~0.5mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:18:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247"], "description": "Check for the Version of mysql", "modified": "2017-12-19T00:00:00", "published": "2010-02-22T00:00:00", "id": "OPENVAS:830902", "href": "http://plugins.openvas.org/nasl.php?oid=830902", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2010:044 (mysql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mysql MDVSA-2010:044 (mysql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in mysql:\n\n MySQL is vulnerable to a symbolic link attack when the data home\n directory contains a symlink to a different filesystem which allows\n remote authenticated users to bypass intended access restrictions\n (CVE-2008-7247).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"mysql on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-02/msg00046.php\");\n script_id(830902);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-22 13:38:33 +0100 (Mon, 22 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:044\");\n 
script_cve_id(\"CVE-2008-7247\");\n script_name(\"Mandriva Update for mysql MDVSA-2010:044 (mysql)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common-core\", rpm:\"mysql-common-core~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-core\", rpm:\"mysql-core~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.42~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.42~0.2mdv2010.0\", 
rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.42~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:05:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247", "CVE-2009-4019"], "description": "Check for the Version of mysql", "modified": "2018-01-17T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:1361412562310861707", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861707", "type": "openvas", "title": "Fedora Update for mysql FEDORA-2010-1300", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mysql FEDORA-2010-1300\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later 
version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mysql on Fedora 11\";\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld)\n and many different client programs and libraries. The base package\n contains the standard MySQL client programs and generic MySQL files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034591.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861707\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1300\");\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\");\n script_name(\"Fedora Update for mysql FEDORA-2010-1300\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~7.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:18:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247", "CVE-2009-4019"], "description": "Check for the Version of mysql", "modified": "2017-12-19T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:1361412562310861651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861651", "type": "openvas", "title": "Fedora Update for mysql FEDORA-2010-1348", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mysql FEDORA-2010-1348\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mysql on Fedora 12\";\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld)\n and many different client programs and libraries. The base package\n contains the standard MySQL client programs and generic MySQL files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034642.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861651\");\n script_version(\"$Revision: 8168 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 08:30:15 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1348\");\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\");\n script_name(\"Fedora Update for mysql FEDORA-2010-1348\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~7.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247", "CVE-2009-4019"], "description": "Check for the Version of mysql", "modified": "2017-12-20T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:861707", "href": "http://plugins.openvas.org/nasl.php?oid=861707", "type": "openvas", "title": "Fedora Update for mysql FEDORA-2010-1300", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mysql FEDORA-2010-1300\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mysql on Fedora 11\";\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld)\n and many different client programs and libraries. The base package\n contains the standard MySQL client programs and generic MySQL files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034591.html\");\n script_id(861707);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1300\");\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\");\n script_name(\"Fedora Update for mysql FEDORA-2010-1300\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" 
, value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~7.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:11:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247", "CVE-2009-4019"], "description": "Check for the Version of mysql", "modified": "2017-12-08T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:861651", "href": "http://plugins.openvas.org/nasl.php?oid=861651", "type": "openvas", "title": "Fedora Update for mysql FEDORA-2010-1348", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mysql FEDORA-2010-1348\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mysql on Fedora 12\";\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld)\n and many different client programs and libraries. The base package\n contains the standard MySQL client programs and generic MySQL files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034642.html\");\n script_id(861651);\n script_version(\"$Revision: 8037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 07:32:03 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1348\");\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\");\n script_name(\"Fedora Update for mysql FEDORA-2010-1348\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" 
, value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~7.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-25T10:55:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1621", "CVE-2008-7247", "CVE-2009-4019"], "description": "Check for the Version of mysql", "modified": "2018-01-24T00:00:00", "published": "2010-05-17T00:00:00", "id": "OPENVAS:1361412562310861936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861936", "type": "openvas", "title": "Fedora Update for mysql FEDORA-2010-7414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mysql FEDORA-2010-7414\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mysql on Fedora 12\";\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld)\n and many different client programs and libraries. The base package\n contains the standard MySQL client programs and generic MySQL files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041367.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861936\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-17 16:00:10 +0200 (Mon, 17 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-7414\");\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\", \"CVE-2010-1621\");\n script_name(\"Fedora Update for mysql FEDORA-2010-7414\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.46~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:04:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1621", "CVE-2008-7247", "CVE-2009-4019"], "description": "Check for the Version of mysql", "modified": "2018-01-19T00:00:00", "published": "2010-05-17T00:00:00", "id": "OPENVAS:1361412562310861948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861948", "type": "openvas", "title": "Fedora Update for mysql FEDORA-2010-7355", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mysql FEDORA-2010-7355\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mysql on Fedora 11\";\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld)\n and many different client programs and libraries. The base package\n contains the standard MySQL client programs and generic MySQL files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041334.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861948\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-17 16:00:10 +0200 (Mon, 17 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-7355\");\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\", \"CVE-2010-1621\");\n script_name(\"Fedora Update for mysql FEDORA-2010-7355\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.46~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T03:54:39", "description": "The version of MySQL installed on the remote host is older than\n6.0.9-alpha / 5.5.3. As such, it reportedly allows\na remote attacker to bypass access restrictions when the data\ndirectory contains a symbolic link to a different file system.", "edition": 25, "published": "2012-01-18T00:00:00", "title": "MySQL < 6.0.9-alpha / 5.5.3 Access Control Weakness", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_6_0_9.NASL", "href": "https://www.tenable.com/plugins/nessus/17837", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17837);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2008-7247\");\n script_bugtraq_id(38043);\n\n script_name(english:\"MySQL < 6.0.9-alpha / 5.5.3 Access Control Weakness\");\n script_summary(english:\"Checks version of MySQL server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Access restrictions can be bypassed on the remote database server.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is older 
than\n6.0.9-alpha / 5.5.3. As such, it reportedly allows\na remote attacker to bypass access restrictions when the data\ndirectory contains a symbolic link to a different file system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://marc.info/?l=oss-security&m=125908040022018&w\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.mysql.com/commits/59711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=39277\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL version 6.0.9-alpha / 5.5.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_require_keys(\"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"mysql_version.inc\");\nmysql_check_version(fixed:make_list('5.5.3', '6.0.9'), severity:SECURITY_WARNING);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:57", "description": "Add backported patch for CVE-2008-7247. Use non-expired certificates\nfor SSL testing.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : mysql-5.1.42-7.fc12 (2010-1348)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mysql", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-1348.NASL", "href": "https://www.tenable.com/plugins/nessus/47248", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1348.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47248);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-7247\");\n script_bugtraq_id(37297, 38043);\n script_xref(name:\"FEDORA\", value:\"2010-1348\");\n\n script_name(english:\"Fedora 12 : mysql-5.1.42-7.fc12 (2010-1348)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security 
update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add backported patch for CVE-2008-7247 Use non-expired certificates\nfor SSL testing\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=543619\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/034642.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f933c56\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"mysql-5.1.42-7.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:35", "description": "A vulnerability has been found and corrected in mysql :\n\nMySQL is vulnerable to a symbolic link attack when the data home\ndirectory contains a symlink to a different filesystem which allows\nremote authenticated users to bypass intended access restrictions\n(CVE-2008-7247).\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": 
"2010-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : mysql (MDVSA-2010:044)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247"], "modified": "2010-07-30T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mysql-doc", "p-cpe:/a:mandriva:linux:mysql-ndb-management", "p-cpe:/a:mandriva:linux:mysql-bench", "p-cpe:/a:mandriva:linux:mysql", "p-cpe:/a:mandriva:linux:mysql-core", "p-cpe:/a:mandriva:linux:libmysql-devel", "p-cpe:/a:mandriva:linux:mysql-max", "p-cpe:/a:mandriva:linux:mysql-ndb-tools", "p-cpe:/a:mandriva:linux:libmysql16", "p-cpe:/a:mandriva:linux:lib64mysql-static-devel", "p-cpe:/a:mandriva:linux:mysql-ndb-storage", "p-cpe:/a:mandriva:linux:mysql-common", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:mysql-common-core", "p-cpe:/a:mandriva:linux:mysql-ndb-extra", "p-cpe:/a:mandriva:linux:lib64mysql16", "p-cpe:/a:mandriva:linux:mysql-client", "p-cpe:/a:mandriva:linux:lib64mysql-devel", "p-cpe:/a:mandriva:linux:libmysql-static-devel"], "id": "MANDRIVA_MDVSA-2010-044.NASL", "href": "https://www.tenable.com/plugins/nessus/48175", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:044. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48175);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-7247\");\n script_bugtraq_id(38043);\n script_xref(name:\"MDVSA\", value:\"2010:044\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mysql (MDVSA-2010:044)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in mysql :\n\nMySQL is vulnerable to a symbolic link attack when the data home\ndirectory contains a symlink to a different filesystem which allows\nremote authenticated users to bypass intended access restrictions\n(CVE-2008-7247).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", 
\"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64mysql-devel-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64mysql-static-devel-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64mysql16-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libmysql-devel-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libmysql-static-devel-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libmysql16-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-bench-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-client-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-common-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-doc-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", 
reference:\"mysql-max-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-ndb-extra-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-ndb-management-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-ndb-storage-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-ndb-tools-5.1.42-0.2mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64mysql-devel-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64mysql-static-devel-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64mysql16-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libmysql-devel-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libmysql-static-devel-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libmysql16-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-bench-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-client-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-common-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-common-core-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-core-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
reference:\"mysql-doc-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-max-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-ndb-extra-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-ndb-management-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-ndb-storage-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-ndb-tools-5.1.42-0.2mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:55", "description": "Add backported patch for CVE-2008-7247. Use non-expired certificates\nfor SSL testing.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : mysql-5.1.42-7.fc11 (2010-1300)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-7247"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mysql", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-1300.NASL", "href": "https://www.tenable.com/plugins/nessus/47246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1300.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47246);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-7247\");\n script_bugtraq_id(37297, 38043);\n script_xref(name:\"FEDORA\", value:\"2010-1300\");\n\n script_name(english:\"Fedora 11 : mysql-5.1.42-7.fc11 (2010-1300)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add backported patch for CVE-2008-7247 Use non-expired certificates\nfor SSL testing\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=543619\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/034591.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a362fe02\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"mysql-5.1.42-7.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:53:45", "description": "The version of MySQL 5.0 installed on the remote host is earlier than\n5.0.88. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - MySQL clients linked against OpenSSL are vulnerable\n to man-in-the-middle attacks. (Bug #47320)\n\n - The GeomFromWKB() function can be manipulated\n to cause a denial of service. 
(Bug #47780)\n\n - Specially crafted SELECT statements containing sub-\n queries in the WHERE clause can cause the server\n to crash. (Bug #48291)\n\n - It is possible to bypass access restrictions when the\n data directory contains a symbolic link to a different\n file system. (Bug #39277)", "edition": 26, "published": "2009-11-25T00:00:00", "title": "MySQL 5.0 < 5.0.88 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4452", "CVE-2009-4028", "CVE-2008-7247", "CVE-2009-4019"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_5_0_88.NASL", "href": "https://www.tenable.com/plugins/nessus/42899", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42899);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2012-4452\", \"CVE-2009-4019\", \"CVE-2009-4028\", \"CVE-2008-7247\");\n script_bugtraq_id(37076, 37297, 38043);\n script_xref(name:\"Secunia\", value:\"37372\");\n\n script_name(english:\"MySQL 5.0 < 5.0.88 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of MySQL 5.0 Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL 5.0 installed on the remote host is earlier than\n5.0.88. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - MySQL clients linked against OpenSSL are vulnerable\n to man-in-the-middle attacks. (Bug #47320)\n\n - The GeomFromWKB() function can be manipulated\n to cause a denial of service. (Bug #47780)\n\n - Specially crafted SELECT statements containing sub-\n queries in the WHERE clause can cause the server\n to crash. 
(Bug #48291)\n\n - It is possible to bypass access restrictions when the\n data directory contains a symbolic link to a different\n file system. (Bug #39277)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=47320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=47780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=48291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=39277\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL 5.0.88 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/25\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"mysql_func.inc\");\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_service(svc:\"mysql\", default:3306, exit_on_fail:TRUE);\nvuln = FALSE;\n\nif (mysql_init(port:port, exit_on_fail:TRUE) == 1)\n{\n variant = mysql_get_variant();\n version = mysql_get_version();\n ver_fields = split(version, sep:'.', keep:FALSE);\n major = int(ver_fields[0]);\n minor = int(ver_fields[1]);\n rev = int(ver_fields[2]);\n\n if (\n !isnull(variant) && \"Community\" >< variant &&\n strlen(version) &&\n major == 5 && minor == 0 && rev < 88\n )\n {\n vuln = TRUE;\n }\n}\nelse exit(1, \"Can't establish a MySQL connection on port \"+port+\".\");\n\nmysql_close();\n\nif (vuln)\n{\n if (report_verbosity > 0)\n {\n report = '\nInstalled version : ' + version + '\nFixed version : 5.0.88\n';\n datadir = get_kb_item('mysql/' + port + '/datadir');\n if (!empty_or_null(datadir))\n {\n report += ' Data Dir : ' + datadir + '\\n';\n }\n databases = get_kb_item('mysql/' + port + '/databases');\n if (!empty_or_null(databases))\n { \n report += ' Databases :\\n' + databases;\n }\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse\n{\n if (isnull(variant)) exit(1, \"Can't determine the variant of MySQL listening on port \"+port+\".\");\n else if (\"Community\" >< variant) exit(0, \"MySQL version \"+version+\" is listening on port \"+port+\" and is not affected.\");\n else exit(0, \"MySQL \"+variant+\" is listening on port \"+port+\" and is not affected.\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-17T14:13:18", "description": "Updated MySQL packages fix the following bugs :\n\n - 
upstream #47320 - checking server certificates.\n (CVE-2009-4028)\n\n - upstream #48291 - error handling in subqueries.\n (CVE-2009-4019)\n\n - upstream #47780 - preserving null_value flag in\n GeomFromWKB(). (CVE-2009-4019)\n\n - upstream #39277 - symlink behaviour fixed.\n (CVE-2008-7247)\n\n - upstream #32167 - symlink behaviour refixed\n (CVE-2009-4030)", "edition": 24, "published": "2010-12-02T00:00:00", "title": "SuSE 11 Security Update : MySQL (SAT Patch Number 2317)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4030", "CVE-2009-4028", "CVE-2008-7247", "CVE-2009-4019"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mysql-client", "p-cpe:/a:novell:suse_linux:11:mysql-Max", "p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15", "p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit", "p-cpe:/a:novell:suse_linux:11:mysql", "p-cpe:/a:novell:suse_linux:11:libmysqlclient15"], "id": "SUSE_11_LIBMYSQLCLIENT-DEVEL-100429.NASL", "href": "https://www.tenable.com/plugins/nessus/50935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50935);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\", \"CVE-2009-4028\", \"CVE-2009-4030\");\n\n script_name(english:\"SuSE 11 Security Update : MySQL (SAT Patch Number 2317)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated MySQL packages fix the following bugs :\n\n - upstream #47320 - checking server certificates.\n (CVE-2009-4028)\n\n - upstream #48291 - error handling in subqueries.\n (CVE-2009-4019)\n\n - upstream #47780 - preserving null_value flag in\n GeomFromWKB(). 
(CVE-2009-4019)\n\n - upstream #39277 - symlink behaviour fixed.\n (CVE-2008-7247)\n\n - upstream #32167 - symlink behaviour refixed\n (CVE-2009-4030)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=557669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-7247.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4030.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2317.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libmysqlclient15-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libmysqlclient_r15-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mysql-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mysql-client-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libmysqlclient15-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libmysqlclient15-32bit-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libmysqlclient_r15-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", 
reference:\"libmysqlclient_r15-32bit-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mysql-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mysql-client-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libmysqlclient15-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libmysqlclient_r15-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mysql-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mysql-Max-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mysql-client-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libmysqlclient15-32bit-5.0.67-13.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libmysqlclient15-32bit-5.0.67-13.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:04:47", "description": "Updated mysql packages fix the following bugs :\n\n - upstream #47320 - checking server certificates\n (CVE-2009-4028)\n\n - upstream #48291 - error handling in subqueries\n (CVE-2009-4019)\n\n - upstream #47780 - preserving null_value flag in\n GeomFromWKB() (CVE-2009-4019)\n\n - upstream #39277 - symlink behaviour fixed\n (CVE-2008-7247)\n\n - upstream #32167 - symlink behaviour refixed\n (CVE-2009-4030)", "edition": 25, "published": "2010-05-05T00:00:00", "title": "openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4030", "CVE-2009-4028", "CVE-2008-7247", "CVE-2009-4019"], "modified": "2010-05-05T00:00:00", "cpe": 
["p-cpe:/a:novell:opensuse:mysql-test", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:opensuse:mysql-client", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libmysqlclient_r15-32bit", "p-cpe:/a:novell:opensuse:mysql-tools", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:mysql-Max", "p-cpe:/a:novell:opensuse:libmysqlclient15-32bit", "p-cpe:/a:novell:opensuse:mysql-debug", "p-cpe:/a:novell:opensuse:libmysqlclient_r15", "p-cpe:/a:novell:opensuse:mysql-bench", "p-cpe:/a:novell:opensuse:libmysqlclient15"], "id": "SUSE_11_1_LIBMYSQLCLIENT-DEVEL-100401.NASL", "href": "https://www.tenable.com/plugins/nessus/46232", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmysqlclient-devel-2315.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46232);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\", \"CVE-2009-4028\", \"CVE-2009-4030\");\n\n script_name(english:\"openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-2)\");\n script_summary(english:\"Check for the libmysqlclient-devel-2315 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages fix the following bugs :\n\n - upstream #47320 - checking server certificates\n (CVE-2009-4028)\n\n - upstream #48291 - error handling in subqueries\n (CVE-2009-4019)\n\n - upstream #47780 - preserving null_value flag in\n GeomFromWKB() (CVE-2009-4019)\n\n - upstream #39277 - symlink behaviour fixed\n (CVE-2008-7247)\n\n - upstream #32167 - symlink 
behaviour refixed\n (CVE-2009-4030)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=557669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmysqlclient-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/05\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmysqlclient-devel-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmysqlclient15-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmysqlclient_r15-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-Max-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-bench-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-client-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-debug-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-test-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-tools-5.0.67-12.17.7\") ) flag++;\nif 
( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libmysqlclient15-32bit-5.0.67-12.17.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libmysqlclient_r15-32bit-5.0.67-12.17.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient15 / libmysqlclient15-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:06:05", "description": "This update fixes several security issues in mysql :\n\n - checking server certificates (CVE-2009-4028)\n\n - error handling in subqueries (CVE-2009-4019)\n\n - preserving null_value flag in GeomFromWKB\n (CVE-2009-4019)\n\n - symlink behavior fixed (CVE-2008-7247)\n\n - symlink behavior refixed (CVE-2009-4030)", "edition": 25, "published": "2010-05-04T00:00:00", "title": "openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4030", "CVE-2009-4028", "CVE-2008-7247", "CVE-2009-4019"], "modified": "2010-05-04T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mysql-test", "p-cpe:/a:novell:opensuse:libmysqlclient16-32bit", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mysql-ndb-storage", "p-cpe:/a:novell:opensuse:mysql-ndb-management", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:opensuse:mysql-client", "p-cpe:/a:novell:opensuse:libmysqlclient16", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:mysql-ndb-tools", "p-cpe:/a:novell:opensuse:mysql-tools", "p-cpe:/a:novell:opensuse:mysql-ndb-extra", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:mysql-debug", "p-cpe:/a:novell:opensuse:libmysqlclient_r16", 
"p-cpe:/a:novell:opensuse:libmysqlclient_r16-32bit", "p-cpe:/a:novell:opensuse:mysql-bench"], "id": "SUSE_11_2_LIBMYSQLCLIENT-DEVEL-091215.NASL", "href": "https://www.tenable.com/plugins/nessus/46220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmysqlclient-devel-1706.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46220);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\", \"CVE-2009-4028\", \"CVE-2009-4030\");\n\n script_name(english:\"openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)\");\n script_summary(english:\"Check for the libmysqlclient-devel-1706 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues in mysql :\n\n - checking server certificates (CVE-2009-4028)\n\n - error handling in subqueries (CVE-2009-4019)\n\n - preserving null_value flag in GeomFromWKB\n (CVE-2009-4019)\n\n - symlink behavior fixed (CVE-2008-7247)\n\n - symlink behavior refixed (CVE-2009-4030)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=557669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmysqlclient-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 59);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-ndb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-ndb-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-ndb-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-ndb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libmysqlclient-devel-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libmysqlclient16-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libmysqlclient_r16-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libmysqld-devel-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-bench-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-client-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-debug-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-ndb-extra-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-ndb-management-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-ndb-storage-5.1.36-6.8.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.2\", reference:\"mysql-ndb-tools-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-test-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-tools-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libmysqlclient16-32bit-5.1.36-6.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libmysqlclient_r16-32bit-5.1.36-6.8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient16 / libmysqlclient16-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:06:05", "description": "Updated mysql packages fix the following bugs :\n\n - upstream #47320 - checking server certificates\n (CVE-2009-4028)\n\n - upstream #48291 - error handling in subqueries\n (CVE-2009-4019)\n\n - upstream #47780 - preserving null_value flag in\n GeomFromWKB() (CVE-2009-4019)\n\n - upstream #39277 - symlink behaviour fixed\n (CVE-2008-7247)\n\n - upstream #32167 - symlink behaviour refixed\n (CVE-2009-4030)", "edition": 25, "published": "2010-05-05T00:00:00", "title": "openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4030", "CVE-2009-4028", "CVE-2008-7247", "CVE-2009-4019"], "modified": "2010-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mysql-test", "p-cpe:/a:novell:opensuse:libmysqlclient16-32bit", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:mysql-ndb-storage", "p-cpe:/a:novell:opensuse:mysql-ndb-management", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:opensuse:mysql-client", 
"p-cpe:/a:novell:opensuse:libmysqlclient16", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:mysql-ndb-tools", "p-cpe:/a:novell:opensuse:mysql-tools", "p-cpe:/a:novell:opensuse:mysql-ndb-extra", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:mysql-debug", "p-cpe:/a:novell:opensuse:libmysqlclient_r16", "p-cpe:/a:novell:opensuse:libmysqlclient_r16-32bit", "p-cpe:/a:novell:opensuse:mysql-bench"], "id": "SUSE_11_2_LIBMYSQLCLIENT-DEVEL-100401.NASL", "href": "https://www.tenable.com/plugins/nessus/46235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmysqlclient-devel-2315.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46235);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\", \"CVE-2009-4028\", \"CVE-2009-4030\");\n\n script_name(english:\"openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-2)\");\n script_summary(english:\"Check for the libmysqlclient-devel-2315 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages fix the following bugs :\n\n - upstream #47320 - checking server certificates\n (CVE-2009-4028)\n\n - upstream #48291 - error handling in subqueries\n (CVE-2009-4019)\n\n - upstream #47780 - preserving null_value flag in\n GeomFromWKB() (CVE-2009-4019)\n\n - upstream #39277 - symlink behaviour fixed\n (CVE-2008-7247)\n\n - upstream #32167 - symlink behaviour refixed\n (CVE-2009-4030)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=557669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmysqlclient-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-ndb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-ndb-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-ndb-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-ndb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-test\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libmysqlclient-devel-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libmysqlclient16-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libmysqlclient_r16-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libmysqld-devel-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-bench-5.1.36-6.8.8\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.2\", reference:\"mysql-client-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-debug-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-ndb-extra-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-ndb-management-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-ndb-storage-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-ndb-tools-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-test-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mysql-tools-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libmysqlclient16-32bit-5.1.36-6.8.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libmysqlclient_r16-32bit-5.1.36-6.8.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient16 / libmysqlclient16-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:04:47", "description": "This update fixes several security issues in mysql :\n\n - checking server certificates (CVE-2009-4028)\n\n - error handling in subqueries (CVE-2009-4019)\n\n - preserving null_value flag in GeomFromWKB\n (CVE-2009-4019)\n\n - symlink behavior fixed (CVE-2008-7247)\n\n - symlink behavior refixed (CVE-2009-4030)", "edition": 25, "published": "2010-05-04T00:00:00", "title": "openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4030", "CVE-2009-4028", "CVE-2008-7247", 
"CVE-2009-4019"], "modified": "2010-05-04T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mysql-test", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:opensuse:mysql-client", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libmysqlclient_r15-32bit", "p-cpe:/a:novell:opensuse:mysql-tools", "p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:mysql-Max", "p-cpe:/a:novell:opensuse:libmysqlclient15-32bit", "p-cpe:/a:novell:opensuse:mysql-debug", "p-cpe:/a:novell:opensuse:libmysqlclient_r15", "p-cpe:/a:novell:opensuse:mysql-bench", "p-cpe:/a:novell:opensuse:libmysqlclient15"], "id": "SUSE_11_1_LIBMYSQLCLIENT-DEVEL-091216.NASL", "href": "https://www.tenable.com/plugins/nessus/46219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmysqlclient-devel-1706.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46219);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-7247\", \"CVE-2009-4019\", \"CVE-2009-4028\", \"CVE-2009-4030\");\n\n script_name(english:\"openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)\");\n script_summary(english:\"Check for the libmysqlclient-devel-1706 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues in mysql :\n\n - checking server certificates (CVE-2009-4028)\n\n - error handling in subqueries (CVE-2009-4019)\n\n - preserving null_value flag in GeomFromWKB\n (CVE-2009-4019)\n\n - symlink behavior fixed (CVE-2008-7247)\n\n - symlink behavior refixed 
(CVE-2009-4030)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=557669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmysqlclient-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r15-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/04\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmysqlclient-devel-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmysqlclient15-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmysqlclient_r15-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-Max-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-bench-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-client-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-debug-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-test-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mysql-tools-5.0.67-12.17.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libmysqlclient15-32bit-5.0.67-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libmysqlclient_r15-32bit-5.0.67-12.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient15 / libmysqlclient15-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:27:52", "description": "CVE ID: CVE-2008-7247\r\n\r\nMySQL\u662f\u4e00\u6b3e\u4f7f\u7528\u975e\u5e38\u5e7f\u6cdb\u7684\u5f00\u653e\u6e90\u4ee3\u7801\u5173\u7cfb\u6570\u636e\u5e93\u7cfb\u7edf\uff0c\u62e5\u6709\u5404\u79cd\u5e73\u53f0\u7684\u8fd0\u884c\u7248\u672c\u3002\r\n\r\n\u5f53\u6570\u636e\u4e3b\u76ee\u5f55\u5305\u542b\u6709\u5230\u4e0d\u540c\u6587\u4ef6\u7cfb\u7edf\u7684\u7b26\u53f7\u94fe\u63a5\u65f6\uff0cMySQL\u7684sql/sql_table.cc\u5141\u8bb8\u901a\u8fc7\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u4ee5\u7279\u6b8aDATA DIRECTORY\u6216INDEX DIRECTORY\u53c2\u6570\u8c03\u7528CREATE TABLE\u7ed5\u8fc7\u9884\u671f\u7684\u8bbf\u95ee\u9650\u5236\uff0c\u6267\u884c\u5404\u79cd\u975e\u6388\u6743\u64cd\u4f5c\u3002\n\nMySQL AB MySQL 6.0 \r\nMySQL AB MySQL 5.1.x \r\nMySQL AB MySQL 5.0.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMySQL AB\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://lists.mysql.com/commits/59711", "published": "2009-12-02T00:00:00", "type": "seebug", "title": "MySQL CREATE TABLE\u8c03\u7528\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist":
["CVE-2008-7247"], "modified": "2009-12-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15004", "id": "SSV:15004", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:15:11", "description": "No description provided by source.", "published": "2010-02-13T00:00:00", "title": "MySQL vulnerabilities", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4098", "CVE-2008-4456", "CVE-2008-7247", "CVE-2009-2446", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4484"], "modified": "2010-02-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19118", "id": "SSV:19118", "sourceData": "\n ===========================================================\r\nUbuntu Security Notice USN-897-1 February 10, 2010\r\nmysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities\r\nCVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446,\r\nCVE-2009-4019, CVE-2009-4030, CVE-2009-4484\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\nUbuntu 9.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n mysql-server-5.0 5.0.22-0ubuntu6.06.12\r\n\r\nUbuntu 8.04 LTS:\r\n mysql-server-5.0 5.0.51a-3ubuntu5.5\r\n\r\nUbuntu 8.10:\r\n mysql-server-5.0 5.0.67-0ubuntu6.1\r\n\r\nUbuntu 9.04:\r\n mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.3\r\n\r\nUbuntu 9.10:\r\n mysql-server-5.1 5.1.37-1ubuntu5.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that MySQL could be made to overwrite existing table\r\nfiles in the data directory. 
An authenticated user could use the DATA\r\nDIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks.\r\nThis update alters table creation behaviour by disallowing the use of the\r\nMySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This\r\nissue only affected Ubuntu 8.10. (CVE-2008-4098) \r\n\r\nIt was discovered that MySQL contained a cross-site scripting vulnerability\r\nin the command-line client when the --html option is enabled. An attacker\r\ncould place arbitrary web script or html in a database cell, which would\r\nthen get placed in the html document output by the command-line tool. This\r\nissue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04.\r\n(CVE-2008-4456)\r\n\r\nIt was discovered that MySQL could be made to overwrite existing table\r\nfiles in the data directory. An authenticated user could use symlinks\r\ncombined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly\r\nbypass privilege checks. This issue only affected Ubuntu 9.10.\r\n(CVE-2008-7247)\r\n\r\nIt was discovered that MySQL contained multiple format string flaws when\r\nlogging database creation and deletion. An authenticated user could use\r\nspecially crafted database names to make MySQL crash, causing a denial of\r\nservice. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04.\r\n(CVE-2009-2446)\r\n\r\nIt was discovered that MySQL incorrectly handled errors when performing\r\ncertain SELECT statements, and did not preserve correct flags when\r\nperforming statements that use the GeomFromWKB function. An authenticated\r\nuser could exploit this to make MySQL crash, causing a denial of service.\r\n(CVE-2009-4019)\r\n\r\nIt was discovered that MySQL incorrectly checked symlinks when using the\r\nDATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks\r\nto create tables that pointed to tables known to be created at a later\r\ntime, bypassing access restrictions. 
(CVE-2009-4030)\r\n\r\nIt was discovered that MySQL contained a buffer overflow when parsing\r\nssl certificates. A remote attacker could send crafted requests and cause a\r\ndenial of service or possibly execute arbitrary code. This issue did not\r\naffect Ubuntu 6.06 LTS and the default compiler options for affected\r\nreleases should reduce the vulnerability to a denial of service. In the\r\ndefault installation, attackers would also be isolated by the AppArmor\r\nMySQL profile. (CVE-2009-4484)\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22 \\\r\n-0ubuntu6.06.12.diff.gz Size/MD5: 167876 00d09bda2a9e6a8d09bb9b871987049f\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22 \\\r\n-0ubuntu6.06.12.dsc Size/MD5: 1125 a7e5e72f375a937a016791eb938b0c43\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22 \\\r\n.orig.tar.gz Size/MD5: 18446645 2b8f36364373461190126817ec872031\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0 \\\r\nubuntu6.06.12_all.deb Size/MD5: 39254 29bd1bf7821777bb0ff45362efaae9c1\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0 \\\r\nubuntu6.06.12_all.deb Size/MD5: 41802 55fc2a62d0f6c1cb6d6d3ee486bf1dbe\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0 \\\r\nubuntu6.06.12_all.deb Size/MD5: 39260 9d590dbd861ae98c88273f254eeac160\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.0.22-0ubuntu6.06.12_amd64.deb Size/MD5: 6730446 10c7d0a9787128bbbe1eb26675a7d657\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5 \\\r\n.0.22-0ubuntu6.06.12_amd64.deb Size/MD5: 1424244 
b446087d5d5d6347cfbb18c702a8a58b\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0. \\\r\n22-0ubuntu6.06.12_amd64.deb Size/MD5: 6898198 2cc1f733f990a7952a940a48a39e43e4\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0. \\\r\n22-0ubuntu6.06.12_amd64.deb Size/MD5: 22493888 dda28be78a9efd6a58c3cd5a05271570\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.0.22-0ubuntu6.06.12_i386.deb Size/MD5: 6143164 fa552022904e46d3d7d06bda09b6ed1b\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5 \\\r\n.0.22-0ubuntu6.06.12_i386.deb Size/MD5: 1384680 1ac135a8d8582014b642e07f0e43e7a2\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0. \\\r\n22-0ubuntu6.06.12_i386.deb Size/MD5: 6279786 438c8f54ffe6c48e67444b4f4fe9e831\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0. \\\r\n22-0ubuntu6.06.12_i386.deb Size/MD5: 21353338 aacc9a20e8a4dc73e54334af61e093d1\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.0.22-0ubuntu6.06.12_powerpc.deb Size/MD5: 6887098 \\\r\n933d514a51e9bdbd71e1892c510d5972 \\\r\nhttp://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.2 \\\r\n2-0ubuntu6.06.12_powerpc.deb Size/MD5: 1464520 cba00b39363cd2c84cd241cef114c146\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0. \\\r\n22-0ubuntu6.06.12_powerpc.deb Size/MD5: 6945458 4d66c9c564888ed5083c5460d62571ff\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0. 
\\\r\n22-0ubuntu6.06.12_powerpc.deb Size/MD5: 22708438 f0df7d903d21e30015719606277c331e\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.0.22-0ubuntu6.06.12_sparc.deb Size/MD5: 6435878 2fe1f669d28c49ecac247ff966da1d74\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5 \\\r\n.0.22-0ubuntu6.06.12_sparc.deb Size/MD5: 1436656 a4bc7daef42f56b4c7631979c1fb4205\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0. \\\r\n22-0ubuntu6.06.12_sparc.deb Size/MD5: 6546076 cf3c1b3a58c5c751e505039effd2736b\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0. \\\r\n22-0ubuntu6.06.12_sparc.deb Size/MD5: 21974626 0e5b525a96691d3846141872be033343\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51 \\\r\na-3ubuntu5.5.diff.gz Size/MD5: 339669 5d60913fc963e3e79d7359ad34e01d73\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51 \\\r\na-3ubuntu5.5.dsc Size/MD5: 1431 550486d7eb0d9bb0a16d9b6354c5ce63\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51 \\\r\na.orig.tar.gz Size/MD5: 17946664 6fae978908ad5eb790fa3f24f16dadba\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a- \\\r\n3ubuntu5.5_all.deb Size/MD5: 52524 255aa521be7f73f8609f8ff34e2d9cb2\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a- \\\r\n3ubuntu5.5_all.deb Size/MD5: 60760 029a306a41330da1162d8a6271903ea7\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a- \\\r\n3ubuntu5.5_all.deb Size/MD5: 54718 1c739e3d3ba80d59e84daa50bbc7b108\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.0.51a-3ubuntu5.5_amd64.deb Size/MD5: 7595714 aa4e4d10ffaeb884b689e31a1cef78f6\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5 \\\r\n.0.51a-3ubuntu5.5_amd64.deb Size/MD5: 1878318 e6f3c214a9a9dd43c7544c9d483c6dc8\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0. \\\r\n51a-3ubuntu5.5_amd64.deb Size/MD5: 8243190 60fadf98f4a486a341d68e5fb64242f0\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0. \\\r\n51a-3ubuntu5.5_amd64.deb Size/MD5: 28019550 2def1acb4f58487fe46354c07697f70f\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.0.51a-3ubuntu5.5_i386.deb Size/MD5: 7217088 a5c18f67da82686380e498164baf9eb8\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5 \\\r\n.0.51a-3ubuntu5.5_i386.deb Size/MD5: 1837214 75ed6085799e4c41404024e6b3b6cfb0\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0. \\\r\n51a-3ubuntu5.5_i386.deb Size/MD5: 7827620 12f85552fbbb64e2345e732732973824\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0. 
\\\r\n51a-3ubuntu5.5_i386.deb Size/MD5: 27429242 8f3a8be947c0fcceb832e6624e10b659\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3u \\\r\nbuntu5.5_lpia.deb Size/MD5: 7161686 8597c58cf4965174975630dbb049485f\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ub \\\r\nuntu5.5_lpia.deb Size/MD5: 1827214 1aa581c6751818c4fe1f0ce6bfb18e6f\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubunt \\\r\nu5.5_lpia.deb Size/MD5: 7841430 b289175e0013db05378e3f9cd427db65\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubunt \\\r\nu5.5_lpia.deb Size/MD5: 27358930 45969231c1d332db54f738e36da39abe\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3u \\\r\nbuntu5.5_powerpc.deb Size/MD5: 7588138 4f767c278a4ba51b5083fd9ae4374325\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ub \\\r\nuntu5.5_powerpc.deb Size/MD5: 1916056 d82c00070c1c0d9f4a58a7f1977eea62\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubunt \\\r\nu5.5_powerpc.deb Size/MD5: 8242628 8482aeb1c190500043f9b9b74ca3328c\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubunt \\\r\nu5.5_powerpc.deb Size/MD5: 28345180 75de60d6fac901c43e1c032b4c4ccdc8\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3u \\\r\nbuntu5.5_sparc.deb Size/MD5: 7200904 de677b3281d476c8c2ab38858f055f51\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ub \\\r\nuntu5.5_sparc.deb Size/MD5: 1846732 27a62502a5dd87bbcdf917391ab3583f\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubunt \\\r\nu5.5_sparc.deb Size/MD5: 
7832466 39ee953d7ac9b1a3bb13a3ba6976a062\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubunt \\\r\nu5.5_sparc.deb Size/MD5: 27644158 62d3802f26217949a10152c120491b92\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.67 \\\r\n-0ubuntu6.1.diff.gz Size/MD5: 336351 a373771dfabdc93b4171d9478a36ea5a\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.67 \\\r\n-0ubuntu6.1.dsc Size/MD5: 1845 c2756cc5a230d0eeab3c766031df39c8\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.67 \\\r\n.orig.tar.gz Size/MD5: 18190615 3c868d130a0edf4c9dd1da64fe141975\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.67-0 \\\r\nubuntu6.1_all.deb Size/MD5: 53318 1910e22b6ab49e474b2173fe3355218c\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.67-0 \\\r\nubuntu6.1_all.deb Size/MD5: 61272 2da508710dafbd9a9b562cf8887f4b6b\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.67-0 \\\r\nubuntu6.1_all.deb Size/MD5: 55508 6abad70a6b59c6a682aadb36449ca324\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.0.67-0ubuntu6.1_amd64.deb Size/MD5: 7683166 3395c05fb294228283085ba373266e81\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5 \\\r\n.0.67-0ubuntu6.1_amd64.deb Size/MD5: 1877112 e9aa4cb777e27bcc82edaa3654313b47\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0. \\\r\n67-0ubuntu6.1_amd64.deb Size/MD5: 8282998 739613274c6831eb3e2a1b3838f2defb\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0. 
\\\r\n67-0ubuntu6.1_amd64.deb Size/MD5: 27449918 7bbfd1737acd0316f7fc98371b67959e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.0.67-0ubuntu6.1_i386.deb Size/MD5: 7295910 c4a4b4ffa0e6d27b45c06bb2f82793b6\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5 \\\r\n.0.67-0ubuntu6.1_i386.deb Size/MD5: 1841126 9d2f4ec8c855eaf53097fc25d3b4ebdd\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0. \\\r\n67-0ubuntu6.1_i386.deb Size/MD5: 7882140 0628692852a8224ebedb2fc6c93ab0dc\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0. \\\r\n67-0ubuntu6.1_i386.deb Size/MD5: 26845390 f6837acba0ce00d6f47c7286873d9555\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.67-0ub \\\r\nuntu6.1_lpia.deb Size/MD5: 7238848 8453be364e88a877e637d20d76277e1c\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.67-0ubu \\\r\nntu6.1_lpia.deb Size/MD5: 1829966 efd8e067d658633086a22b689c18a0fb\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.67-0ubuntu \\\r\n6.1_lpia.deb Size/MD5: 7876470 c3321d38368f6f3cfc1b2f0943571c9d\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.67-0ubuntu \\\r\n6.1_lpia.deb Size/MD5: 26771148 c0f9db9c9e5fcc35ab31961486466397\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.67-0ub \\\r\nuntu6.1_powerpc.deb Size/MD5: 7698848 a770ab25d31340131a7b6b00ae246654\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.67-0ubu \\\r\nntu6.1_powerpc.deb Size/MD5: 1886412 f4e50087f47afa8b2ff26b780f83cd73\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.67-0ubuntu 
\\\r\n6.1_powerpc.deb Size/MD5: 8233508 0ce915b511dfab829cd19cb5a13c199b\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.67-0ubuntu \\\r\n6.1_powerpc.deb Size/MD5: 27424328 fa89227e20fc7ca82539bbdbcdc47a0b\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.67-0ub \\\r\nuntu6.1_sparc.deb Size/MD5: 7216146 d35e071761c46fe5925fb899bc928bc7\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.67-0ubu \\\r\nntu6.1_sparc.deb Size/MD5: 1850628 9920dfdbcbb1bae208a3cf98ea939dc3\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.67-0ubuntu \\\r\n6.1_sparc.deb Size/MD5: 7843558 bc0ca5889cc4e548dfffdc36349c39d8\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.67-0ubuntu \\\r\n6.1_sparc.deb Size/MD5: 26978336 39ead5bdd637f37ecab2cdc9a80ff0f4\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.1.30 \\\r\nreally5.0.75-0ubuntu10.3.diff.gz Size/MD5: 352203 0ec231929483bcf16d96cdb9b0f58c9f\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.1.30 \\\r\nreally5.0.75-0ubuntu10.3.dsc Size/MD5: 1956 786a69531e3997a24963c2289c2f99a4\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.1.30 \\\r\nreally5.0.75.orig.tar.gz Size/MD5: 18275990 81153cfb1108f858446a69c6371fd9f3\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.1.30re \\\r\nally5.0.75-0ubuntu10.3_all.deb Size/MD5: 55530 065b5eb033ab08fc571597578111c6bd\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.1.30re \\\r\nally5.0.75-0ubuntu10.3_all.deb Size/MD5: 63400 526faed8d9ba168839a9d84aad4fc9d6\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.1.30re 
\\\r\nally5.0.75-0ubuntu10.3_all.deb Size/MD5: 57722 ff1439fc167590572fe8d655db49e1bc\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.1.30really5.0.75-0ubuntu10.3_amd64.deb Size/MD5: 7690120 \\\r\n6da2ea09e8edf8a3d768a8e3d1ea15a9 \\\r\nhttp://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.1.3 \\\r\n0really5.0.75-0ubuntu10.3_amd64.deb Size/MD5: 1879070 \\\r\n3fc7c0599b8324bd9fc22c5eefa3b976 \\\r\nhttp://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.1.30re \\\r\nally5.0.75-0ubuntu10.3_amd64.deb Size/MD5: 8292706 0cbea113abd4393a8ef2d0231578ce7f\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.1. \\\r\n30really5.0.75-0ubuntu10.3_amd64.deb Size/MD5: 24014628 \\\r\n767d67b701b7461e77fa1d1977d11e1b \\\r\nhttp://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-core-5.0_5.1 \\\r\n.30really5.0.75-0ubuntu10.3_amd64.deb Size/MD5: 3535012 \\\r\n0dc0c7f6f230c30aeda03e99d578653b\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_ \\\r\n5.1.30really5.0.75-0ubuntu10.3_i386.deb Size/MD5: 7299230 \\\r\nbaac628c664dfa1c699cc213a9c78fa6 \\\r\nhttp://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.1.3 \\\r\n0really5.0.75-0ubuntu10.3_i386.deb Size/MD5: 1843044 \\\r\n644c14b195edb5e34d8945ee407d2576 \\\r\nhttp://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.1.30re \\\r\nally5.0.75-0ubuntu10.3_i386.deb Size/MD5: 7879312 5158664029e5253233b9140b39a2df80\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.1. 
\\\r\n30really5.0.75-0ubuntu10.3_i386.deb Size/MD5: 23557588 \\\r\n90bd4333bd68fd47b530dca5dcc5eff4 \\\r\nhttp://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-core-5.0_5.1 \\\r\n.30really5.0.75-0ubuntu10.3_i386.deb Size/MD5: 3349320 \\\r\nd18278f2c4ef544a885e115006327c1e\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.1.30real \\\r\nly5.0.75-0ubuntu10.3_lpia.deb Size/MD5: 7240220 fa79ae81847f46dcd5d5daefa8a6c0f3\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.1.30reall \\\r\ny5.0.75-0ubuntu10.3_lpia.deb Size/MD5: 1831892 1e2464fce24ca6ea84345ca0978f49e0\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.1.30really5. \\\r\n0.75-0ubuntu10.3_lpia.deb Size/MD5: 7882476 63d25719b32f8656462d1fd25a18819d\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.1.30really5. \\\r\n0.75-0ubuntu10.3_lpia.deb Size/MD5: 23479958 5343688fc3ef1a7ac6b59a6bcffd45fd\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-core-5.0_5.1.30rea \\\r\nlly5.0.75-0ubuntu10.3_lpia.deb Size/MD5: 3345432 14be7d779f4b5efabcbcddbb0d5a7acd\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.1.30real \\\r\nly5.0.75-0ubuntu10.3_powerpc.deb Size/MD5: 7692764 da0649e484302c6461ba8384121b91b2\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.1.30reall \\\r\ny5.0.75-0ubuntu10.3_powerpc.deb Size/MD5: 1883958 7f463f7d3b36f4681e3b808d737036d0\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.1.30really5. \\\r\n0.75-0ubuntu10.3_powerpc.deb Size/MD5: 8223568 7b96828c66e1120ffea61c84d2d2e838\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.1.30really5. 
\\\r\n0.75-0ubuntu10.3_powerpc.deb Size/MD5: 23969054 26a44c422051e7dd3f51bc85b59af8c6\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-core-5.0_5.1.30rea \\\r\nlly5.0.75-0ubuntu10.3_powerpc.deb Size/MD5: 3491954 \\\r\n7363ef1740d5de28a3a2fc99f87ed8cb\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.1.30real \\\r\nly5.0.75-0ubuntu10.3_sparc.deb Size/MD5: 7222702 4a0634e6d9cf1d39bd89c2c5487b573d\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.1.30reall \\\r\ny5.0.75-0ubuntu10.3_sparc.deb Size/MD5: 1850126 cab29baa81c69947373e3e4feb42feb4\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.1.30really5. \\\r\n0.75-0ubuntu10.3_sparc.deb Size/MD5: 7853078 557aa2180add88e17f4aeccca599af27\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.1.30really5. \\\r\n0.75-0ubuntu10.3_sparc.deb Size/MD5: 23770508 862006745adfc1d70475859390cad1b7\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-core-5.0_5.1.30rea \\\r\nlly5.0.75-0ubuntu10.3_sparc.deb Size/MD5: 3303030 0c42d41169e9f68a151fefef5c98808b\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-dfsg-5.1_5.1.37 \\\r\n-1ubuntu5.1.diff.gz Size/MD5: 324027 081acc52aeb607791ced32e325a75fd3\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-dfsg-5.1_5.1.37 \\\r\n-1ubuntu5.1.dsc Size/MD5: 1882 46dbf831cc6b4780f2cd83413b5661c7\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-dfsg-5.1_5.1.37 \\\r\n.orig.tar.gz Size/MD5: 17814352 a472b99a174592f052c37042764fea3e\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16-dev_ \\\r\n5.1.37-1ubuntu5.1_all.deb Size/MD5: 64104 2d47dd54cebd480163fff113ce7b5506\r\n 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client_5.1.37-1 \\\r\nubuntu5.1_all.deb Size/MD5: 64164 dd07b397c640f1687e10272ffc5a247a\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-common_5.1.37-1 \\\r\nubuntu5.1_all.deb Size/MD5: 69956 0ae3bdd2851865960eb9742ffeba8f11\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server_5.1.37-1 \\\r\nubuntu5.1_all.deb Size/MD5: 64288 376ed64c975947bb287391bb1bcbe932\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5. \\\r\n1.37-1ubuntu5.1_amd64.deb Size/MD5: 2401434 41b7e469f1566b873d524bafda60e75e\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1. \\\r\n37-1ubuntu5.1_amd64.deb Size/MD5: 1959230 70a0ccab9e29f6bb5ef029d73fe8c3d4\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37- \\\r\n1ubuntu5.1_amd64.deb Size/MD5: 5664854 2e126e3a5d850d0361b25fc9e8808ef4\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37- \\\r\n1ubuntu5.1_amd64.deb Size/MD5: 4435352 8e6e88801c466891a9e07743729b6e0c\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1. \\\r\n37-1ubuntu5.1_amd64.deb Size/MD5: 8833598 0200fbf6745b2d4df5fe4638f33e6b6d\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1. \\\r\n37-1ubuntu5.1_amd64.deb Size/MD5: 7271574 f0d1d182a70af5e07d952633a966b22f\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1 \\\r\n_5.1.37-1ubuntu5.1_amd64.deb Size/MD5: 4125858 76802bd95972939cf2e21a2a317ca17e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5. 
\\\r\n1.37-1ubuntu5.1_i386.deb Size/MD5: 2331504 f0e7160d445f086438227ed6f7814c4e\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1. \\\r\n37-1ubuntu5.1_i386.deb Size/MD5: 1903424 d38f149b1c062dd900a379a34d4071a0\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37- \\\r\n1ubuntu5.1_i386.deb Size/MD5: 5430754 545a105ae29b719b39fb27e3442e0775\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37- \\\r\n1ubuntu5.1_i386.deb Size/MD5: 4208940 52feb3c648a6466bd1fc5735f50dbb89\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1. \\\r\n37-1ubuntu5.1_i386.deb Size/MD5: 8202316 f10965dd8477b55363b4d9f82395fcd5\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1. \\\r\n37-1ubuntu5.1_i386.deb Size/MD5: 7186322 6aa11525e264e48f16c6b89ea6a738f7\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1 \\\r\n_5.1.37-1ubuntu5.1_i386.deb Size/MD5: 3838568 337f04d464f77fe992fa8e69489b9748\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.37-1ubun \\\r\ntu5.1_lpia.deb Size/MD5: 2320962 06e64a478b4ede2470771fac26342064\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.37-1ubuntu \\\r\n5.1_lpia.deb Size/MD5: 1904468 1b01e357d6445da62ba0a8f888800269\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37-1ubuntu5.1 \\\r\n_lpia.deb Size/MD5: 5396228 7bb5585662b0883cb817fd0c8169bb84\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37-1ubuntu5.1 \\\r\n_lpia.deb Size/MD5: 4179966 c6ad5137f34df27156f09520980f2e6c\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.37-1ubuntu \\\r\n5.1_lpia.deb Size/MD5: 8189810 151ed5d123d9ac50558cbc6b83b6a6ee\r\n 
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.37-1ubuntu \\\r\n5.1_lpia.deb Size/MD5: 7196610 3134ca1a858bc6d9a4d810b0b782d8e5\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.37-1u \\\r\nbuntu5.1_lpia.deb Size/MD5: 3826714 9b7e7469d2744da817fde75fdf6d8917\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.37-1ubun \\\r\ntu5.1_powerpc.deb Size/MD5: 2417938 6b29433aaa8e8cabd380e005d4cfea58\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.37-1ubuntu \\\r\n5.1_powerpc.deb Size/MD5: 1934354 6e8274c6d42fdfdcf61198c8741a24cc\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37-1ubuntu5.1 \\\r\n_powerpc.deb Size/MD5: 5627838 1d098c34ad32fab1de5908685c9a6077\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37-1ubuntu5.1 \\\r\n_powerpc.deb Size/MD5: 4361220 1f281f697381cfb468d11a369ebb16a4\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.37-1ubuntu \\\r\n5.1_powerpc.deb Size/MD5: 8685418 5a004af8a70a5575500db54da4c2b6fa\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.37-1ubuntu \\\r\n5.1_powerpc.deb Size/MD5: 7206674 05bcbe3dc75172bb7c03db4194210553\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.37-1u \\\r\nbuntu5.1_powerpc.deb Size/MD5: 4061750 962d092c5c6774f0f043557101b07907\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.37-1ubun \\\r\ntu5.1_sparc.deb Size/MD5: 2318038 4a05ff8676fb62d2877b880c60aceb04\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.37-1ubuntu \\\r\n5.1_sparc.deb Size/MD5: 1925036 8c70c11fe4610506214a83259301755d\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37-1ubuntu5.1 \\\r\n_sparc.deb Size/MD5: 5290706 
eecd02ca6929a0119de8f28725a2d061\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37-1ubuntu5.1 \\\r\n_sparc.deb Size/MD5: 4078654 a569a9994e214b5dfa65b98324da2b53\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.37-1ubuntu \\\r\n5.1_sparc.deb Size/MD5: 8328340 567bfd7dfd65df115d5cf617ea966633\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.37-1ubuntu \\\r\n5.1_sparc.deb Size/MD5: 7298590 8fed24d4d76cc540cd391d11ff23773e\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.37-1u \\\r\nbuntu5.1_sparc.deb Size/MD5: 3876780 78bb59a165a1a1f8ee2c25f19436f7dc\r\n\r\n\n ", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-19118"}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7247", "CVE-2009-4019"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2010-02-02T01:06:45", "published": "2010-02-02T01:06:45", "id": "FEDORA:5556910F97B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: mysql-5.1.42-7.fc11", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7247", "CVE-2009-4019"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2010-02-02T01:18:20", "published": "2010-02-02T01:18:20", "id": "FEDORA:53A031103AB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: mysql-5.1.42-7.fc12", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7247", "CVE-2009-4019", "CVE-2010-1621"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2010-05-13T19:32:29", "published": "2010-05-13T19:32:29", "id": "FEDORA:2AF81110A48", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: mysql-5.1.46-1.fc12", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7247", "CVE-2009-4019", "CVE-2010-1621"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2010-05-13T19:27:15", "published": "2010-05-13T19:27:15", "id": "FEDORA:833EA11074F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: mysql-5.1.46-1.fc11", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7247", "CVE-2009-4019", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. 
The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2010-06-07T22:28:04", "published": "2010-06-07T22:28:04", "id": "FEDORA:40AEE10FD1C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: mysql-5.1.47-1.fc12", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7247", "CVE-2009-4019", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2010-06-07T22:32:00", "published": "2010-06-07T22:32:00", "id": "FEDORA:BAEB610FD1C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: mysql-5.1.47-1.fc11", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7247", "CVE-2009-4019", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850", "CVE-2010-2008"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2010-08-03T00:36:28", "published": "2010-08-03T00:36:28", "id": "FEDORA:32B5F1112EF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: mysql-5.1.47-2.fc12", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:24:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2446", "CVE-2008-4456", "CVE-2009-4030", "CVE-2008-4098", "CVE-2008-7247", "CVE-2009-4019", "CVE-2009-4484"], "description": "It was discovered that MySQL could be made to overwrite existing table \nfiles in the data directory. An authenticated user could use the DATA \nDIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. \nThis update alters table creation behaviour by disallowing the use of the \nMySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This \nissue only affected Ubuntu 8.10. (CVE-2008-4098)\n\nIt was discovered that MySQL contained a cross-site scripting vulnerability \nin the command-line client when the --html option is enabled. An attacker \ncould place arbitrary web script or html in a database cell, which would \nthen get placed in the html document output by the command-line tool. This \nissue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. \n(CVE-2008-4456)\n\nIt was discovered that MySQL could be made to overwrite existing table \nfiles in the data directory. An authenticated user could use symlinks \ncombined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly \nbypass privilege checks. This issue only affected Ubuntu 9.10. \n(CVE-2008-7247)\n\nIt was discovered that MySQL contained multiple format string flaws when \nlogging database creation and deletion. An authenticated user could use \nspecially crafted database names to make MySQL crash, causing a denial of \nservice. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. 
\n(CVE-2009-2446)\n\nIt was discovered that MySQL incorrectly handled errors when performing \ncertain SELECT statements, and did not preserve correct flags when \nperforming statements that use the GeomFromWKB function. An authenticated \nuser could exploit this to make MySQL crash, causing a denial of service. \n(CVE-2009-4019)\n\nIt was discovered that MySQL incorrectly checked symlinks when using the \nDATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks \nto create tables that pointed to tables known to be created at a later \ntime, bypassing access restrictions. (CVE-2009-4030)\n\nIt was discovered that MySQL contained a buffer overflow when parsing \nssl certificates. A remote attacker could send crafted requests and cause a \ndenial of service or possibly execute arbitrary code. This issue did not \naffect Ubuntu 6.06 LTS and the default compiler options for affected \nreleases should reduce the vulnerability to a denial of service. In the \ndefault installation, attackers would also be isolated by the AppArmor \nMySQL profile. 
(CVE-2009-4484)", "edition": 5, "modified": "2010-02-10T00:00:00", "published": "2010-02-10T00:00:00", "id": "USN-897-1", "href": "https://ubuntu.com/security/notices/USN-897-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:26:36", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0075", "CVE-2012-0489", "CVE-2009-2446", "CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3678", "CVE-2008-4456", "CVE-2010-3839", "CVE-2009-4030", "CVE-2010-3835", "CVE-2012-0112", "CVE-2010-3681", "CVE-2010-3833", "CVE-2012-0491", "CVE-2012-0496", "CVE-2012-0113", "CVE-2007-5925", "CVE-2010-3840", "CVE-2012-0484", "CVE-2012-0494", "CVE-2012-0115", "CVE-2010-1621", "CVE-2010-3682", "CVE-2010-3679", "CVE-2010-1626", "CVE-2008-4098", "CVE-2010-2008", "CVE-2012-0101", "CVE-2010-3836", "CVE-2012-0488", "CVE-2010-3683", "CVE-2010-3677", "CVE-2008-3963", "CVE-2012-0493", "CVE-2010-1850", "CVE-2012-0114", "CVE-2010-3834", "CVE-2012-0495", "CVE-2010-3838", "CVE-2012-0119", "CVE-2012-0492", "CVE-2012-0116", "CVE-2012-0485", "CVE-2010-1848", "CVE-2008-7247", "CVE-2012-0117", "CVE-2012-0487", "CVE-2012-0087", "CVE-2012-0490", "CVE-2010-1849", "CVE-2012-0120", "CVE-2009-4019", "CVE-2011-2262", "CVE-2012-0118", "CVE-2009-4484", "CVE-2012-0102", "CVE-2012-0486"], "description": "Multiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, \nUbuntu 11.04 and Ubuntu 11.10. 
Ubuntu 8.04 LTS has been updated to \nMySQL 5.0.95.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information:\n\n<http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html> \n<http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html> \n<http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html>", "edition": 5, "modified": "2012-03-12T00:00:00", "published": "2012-03-12T00:00:00", "id": "USN-1397-1", "href": "https://ubuntu.com/security/notices/USN-1397-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2446", "CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3678", "CVE-2008-4456", "CVE-2010-3839", "CVE-2010-3835", "CVE-2008-4097", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-1621", "CVE-2009-4028", "CVE-2010-3682", "CVE-2010-3679", "CVE-2010-1626", "CVE-2008-4098", "CVE-2010-2008", "CVE-2010-3676", "CVE-2010-3836", "CVE-2010-3683", "CVE-2010-3677", "CVE-2008-3963", "CVE-2010-1850", "CVE-2010-3834", "CVE-2010-3838", "CVE-2010-1848", "CVE-2008-7247", "CVE-2010-1849", "CVE-2009-4019", "CVE-2009-4484"], "description": "### Background\n\nMySQL is a popular open-source multi-threaded, multi-user SQL database server. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the MySQL process, cause a Denial of Service condition, bypass security restrictions, uninstall arbitrary MySQL plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.1.56\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 14, 2011. It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2012-01-05T00:00:00", "published": "2012-01-05T00:00:00", "id": "GLSA-201201-02", "href": "https://security.gentoo.org/glsa/201201-02", "type": "gentoo", "title": "MySQL: Multiple vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:08:12", "bulletinFamily": "info", "cvelist": ["CVE-2003-0063", "CVE-2006-1329", "CVE-2008-0564", "CVE-2008-0888", "CVE-2008-2712", "CVE-2008-4101", "CVE-2008-4456", "CVE-2008-5302", "CVE-2008-5303", "CVE-2008-5515", "CVE-2008-7247", "CVE-2009-0033", "CVE-2009-0037", "CVE-2009-0316", "CVE-2009-0580", "CVE-2009-0688", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2446", "CVE-2009-2632", "CVE-2009-2693", "CVE-2009-2801", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4017", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4142", "CVE-2009-4143", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0043", "CVE-2010-0055", "CVE-2010-0056", "CVE-2010-0057", "CVE-2010-0058", "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0063", "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0503", "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0506", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510", 
"CVE-2010-0511", "CVE-2010-0512", "CVE-2010-0513", "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0516", "CVE-2010-0517", "CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520", "CVE-2010-0521", "CVE-2010-0522", "CVE-2010-0523", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0526", "CVE-2010-0533", "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"], "description": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities\n\nApple today released one of its biggest Mac OS X security updates in recent memory, with fixes for a whopping 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 is now available and\n\naddresses the following:\n\nAppKit\n\nCVE-ID: CVE-2010-0056\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Spell checking a maliciously crafted document may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the spell checking feature\n\nused by Cocoa applications. Spell checking a maliciously crafted\n\ndocument may lead to an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nApplication Firewall\n\nCVE-ID: CVE-2009-2801\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Certain rules in the Application Firewall may become\n\ninactive after restart\n\nDescription: A timing issue in the Application Firewall may cause\n\ncertain rules to become inactive after reboot. The issue is addressed\n\nthrough improved handling of Firewall rules. This issue does not\n\naffect Mac OS X v10.6 systems. 
Credit to Michael Kisor of\n\nOrganicOrb.com for reporting this issue.\n\nAFP Server\n\nCVE-ID: CVE-2010-0057\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: When guest access is disabled, a remote user may be able to\n\nmount AFP shares as a guest\n\nDescription: An access control issue in AFP Server may allow a\n\nremote user to mount AFP shares as a guest, even if guest access is\n\ndisabled. This issue is addressed through improved access control\n\nchecks. Credit: Apple.\n\nAFP Server\n\nCVE-ID: CVE-2010-0533\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote user with guest access to an AFP share may access\n\nthe contents of world-readable files outside the Public share\n\nDescription: A directory traversal issue exists in the path\n\nvalidation for AFP shares. A remote user may enumerate the parent\n\ndirectory of the share root, and read or write files within that\n\ndirectory that are accessible to the \u2018nobody\u2019 user. This issue is\n\naddressed through improved handling of file paths. Credit to Patrik\n\nKarlsson of cqure.net for reporting this issue.\n\nApache\n\nCVE-ID: CVE-2009-3095\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to bypass access control\n\nrestrictions\n\nDescription: An input validation issue exists in Apache\u2019s handling\n\nof proxied FTP requests. A remote attacker with the ability to issue\n\nrequests through the proxy may be able to bypass access control\n\nrestrictions specified in the Apache configuration. 
This issue is\n\naddressed by updating Apache to version 2.2.14.\n\nClamAV\n\nCVE-ID: CVE-2010-0058\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: ClamAV virus definitions may not receive updates\n\nDescription: A configuration issue introduced in Security Update\n\n2009-005 prevents freshclam from running. This may prevent virus\n\ndefinitions from being updated. This issue is addressed by updating\n\nfreshclam\u2019s launchd plist ProgramArguments key values. This issue\n\ndoes not affect Mac OS X v10.6 systems. Credit to Bayard Bell, Wil\n\nShipley of Delicious Monster, and David Ferrero of Zion Software, LLC\n\nfor reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0059\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDM2 encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0060\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDMC encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. 
This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreMedia\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in CoreMedia\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nCoreTypes\n\nCVE-ID: CVE-2010-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Users are not warned before opening certain potentially\n\nunsafe content types\n\nDescription: This update adds .ibplugin and .url to the system\u2019s\n\nlist of content types that will be flagged as potentially unsafe\n\nunder certain circumstances, such as when they are downloaded from a\n\nweb page. While these content types are not automatically launched,\n\nif manually opened they could lead to the execution of a malicious\n\nJavaScript payload or arbitrary code execution. This update improves\n\nthe system\u2019s ability to notify users before handling content types\n\nused by Safari. 
Credit to Clint Ruoho of Laconic Security for\n\nreporting this issue.\n\nCUPS\n\nCVE-ID: CVE-2010-0393\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain system privileges\n\nDescription: A format string issue exists in the lppasswd CUPS\n\nutility. This may allow a local user to obtain system privileges. Mac\n\nOS X v10.6 systems are only affected if the setuid bit has been set\n\non the binary. This issue is addressed by using default directories\n\nwhen running as a setuid process. Credit to Ronald Volgers for\n\nreporting this issue.\n\ncurl\n\nCVE-ID: CVE-2009-2417\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A man-in-the-middle attacker may be able to impersonate a\n\ntrusted server\n\nDescription: A canonicalization issue exists in curl\u2019s handling of\n\nNULL characters in the subject\u2019s Common Name (CN) field of X.509\n\ncertificates. This may lead to man-in-the-middle attacks against\n\nusers of the curl command line tool, or applications using libcurl.\n\nThis issue is addressed through improved handling of NULL characters.\n\ncurl\n\nCVE-ID: CVE-2009-0037\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Using curl with -L may allow a remote attacker to read or\n\nwrite local files\n\nDescription: curl will follow HTTP and HTTPS redirects when used\n\nwith the -L option. When curl follows a redirect, it allows file://\n\nURLs. This may allow a remote attacker to access local files. This\n\nissue is addressed through improved validation of redirects. This\n\nissue does not affect Mac OS X v10.6 systems. 
Credit to Daniel\n\nStenberg of Haxx AB for reporting this issue.\n\nCyrus IMAP\n\nCVE-ID: CVE-2009-2632\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A local user may be able to obtain the privileges of the\n\nCyrus user\n\nDescription: A buffer overflow exists in the handling of sieve\n\nscripts. By running a maliciously crafted sieve script, a local user\n\nmay be able to obtain the privileges of the Cyrus user. This issue is\n\naddressed through improved bounds checking. This issue does not\n\naffect Mac OS X v10.6 systems.\n\nCyrus SASL\n\nCVE-ID: CVE-2009-0688\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: An unauthenticated remote attacker may cause unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the Cyrus SASL\n\nauthentication module. Using Cyrus SASL authentication may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0064\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Items copied in the Finder may be assigned an unexpected\n\nfile owner\n\nDescription: When performing an authenticated copy in the Finder,\n\noriginal file ownership may be unexpectedly copied. This update\n\naddresses the issue by ensuring that copied files are owned by the\n\nuser performing the copy. This issue does not affect systems prior to\n\nMac OS X v10.6. 
Credit to Gerrit DeWitt of Auburn University (Auburn,\n\nAL) for reporting this issue.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0537\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may gain access to user data via a multi-\n\nstage attack\n\nDescription: A path resolution issue in DesktopServices is\n\nvulnerable to a multi-stage attack. A remote attacker must first\n\nentice the user to mount an arbitrarily named share, which may be\n\ndone via a URL scheme. When saving a file using the default save\n\npanel in any application, and using \u201cGo to folder\u201d or dragging\n\nfolders to the save panel, the data may be unexpectedly saved to the\n\nmalicious share. This issue is addressed through improved path\n\nresolution. This issue does not affect systems prior to Mac OS X\n\nv10.6. Credit to Sidney San Martin working with DeepTech, Inc. for\n\nreporting this issue.\n\nDisk Images\n\nCVE-ID: CVE-2010-0065\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nbzip2 compressed disk images. Mounting a maliciously crafted disk\n\nimage may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed through improved bounds\n\nchecking. Credit: Apple.\n\nDisk Images\n\nCVE-ID: CVE-2010-0497\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to\n\narbitrary code execution\n\nDescription: A design issue exists in the handling of internet\n\nenabled disk images. 
Mounting an internet enabled disk image\n\ncontaining a package file type will open it rather than revealing it\n\nin the Finder. This file quarantine feature helps to mitigate this\n\nissue by providing a warning dialog for unsafe file types. This issue\n\nis addressed through improved handling of package file types on\n\ninternet enabled disk images. Credit to Brian Mastenbrook working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nDirectory Services\n\nCVE-ID: CVE-2010-0498\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may obtain system privileges\n\nDescription: An authorization issue in Directory Services\u2019 handling\n\nof record names may allow a local user to obtain system privileges.\n\nThis issue is addressed through improved authorization checks.\n\nCredit: Apple.\n\nDovecot\n\nCVE-ID: CVE-2010-0535\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to send and receive mail\n\neven if the user is not on the SACL of users who are permitted to do\n\nso\n\nDescription: An access control issue exists in Dovecot when Kerberos\n\nauthentication is enabled. This may allow an authenticated user to\n\nsend and receive mail even if the user is not on the service access\n\ncontrol list (SACL) of users who are permitted to do so. This issue\n\nis addressed through improved access control checks. This issue does\n\nnot affect systems prior to Mac OS X v10.6.\n\nEvent Monitor\n\nCVE-ID: CVE-2010-0500\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may cause arbitrary systems to be added to\n\nthe firewall blacklist\n\nDescription: A reverse DNS lookup is performed on remote ssh clients\n\nthat fail to authenticate. 
A plist injection issue exists in the\n\nhandling of resolved DNS names. This may allow a remote attacker to\n\ncause arbitrary systems to be added to the firewall blacklist. This\n\nissue is addressed by properly escaping resolved DNS names. Credit:\n\nApple.\n\nFreeRADIUS\n\nCVE-ID: CVE-2010-0524\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may obtain access to a network via RADIUS\n\nauthentication\n\nDescription: A certificate authentication issue exists in the\n\ndefault Mac OS X configuration of the FreeRADIUS server. A remote\n\nattacker may use EAP-TLS with an arbitrary valid certificate to\n\nauthenticate and connect to a network configured to use FreeRADIUS\n\nfor authentication. This issue is addressed by disabling support for\n\nEAP-TLS in the configuration. RADIUS clients should use EAP-TTLS\n\ninstead. This issue only affects Mac OS X Server systems. Credit to\n\nChris Linstruth of Qnet for reporting this issue.\n\nFTP Server\n\nCVE-ID: CVE-2010-0501\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Users may be able to retrieve files outside the FTP root\n\ndirectory\n\nDescription: A directory traversal issue exists in FTP Server. This\n\nmay allow a user to retrieve files outside the FTP root directory.\n\nThis issue is addressed through improved handling of file names. This\n\nissue only affects Mac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2006-1329\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An implementation issue exists in jabberd\u2019s handling of\n\nSASL negotiation. A remote attacker may be able to terminate the\n\noperation of jabberd. This issue is addressed through improved\n\nhandling of SASL negotiation. 
This issue only affects Mac OS X Server\n\nsystems.\n\niChat Server\n\nCVE-ID: CVE-2010-0502\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Chat messages may not be logged\n\nDescription: A design issue exists in iChat Server\u2019s support for\n\nconfigurable group chat logging. iChat Server only logs messages with\n\ncertain message types. This may allow a remote user to send a message\n\nthrough the server without it being logged. The issue is addressed by\n\nremoving the capability to disable group chat logs, and logging all\n\nmessages that are sent through the server. This issue only affects\n\nMac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2010-0503\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A use-after-free issue exists in iChat Server. An\n\nauthenticated user may be able to cause an unexpected application\n\ntermination or arbitrary code execution. This issue is addressed\n\nthrough improved memory reference tracking. This issue only affects\n\nMac OS X Server systems, and does not affect versions 10.6 or later.\n\niChat Server\n\nCVE-ID: CVE-2010-0504\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: Multiple stack buffer overflow issues exist in iChat\n\nServer. An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution. These issues are\n\naddressed through improved memory management. These issues only\n\naffect Mac OS X Server systems. 
Credit: Apple.\n\nImageIO\n\nCVE-ID: CVE-2010-0505\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of JP2\n\nimages. Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Service, and researcher\n\n\u201c85319bb6e6ab398b334509c50afce5259d42756e\u201d working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0041\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of BMP images. Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of BMP images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of TIFF images. 
Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of TIFF images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0043\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Processing a maliciously crafted TIFF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nTIFF images. Processing a maliciously crafted TIFF image may lead to\n\nan unexpected application termination or arbitrary code execution.\n\nThis issue is addressed through improved memory handling. This issue\n\ndoes not affect systems prior to Mac OS X v10.6. Credit to Gus\n\nMueller of Flying Meat for reporting this issue.\n\nImage RAW\n\nCVE-ID: CVE-2010-0506\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of NEF\n\nimages. Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems. Credit: Apple.\n\nImage RAW\n\nCVE-ID: CVE-2010-0507\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of PEF\n\nimages. 
Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Services for reporting\n\nthis issue.\n\nLibsystem\n\nCVE-ID: CVE-2009-0689\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Applications that convert untrusted data between binary\n\nfloating point and text may be vulnerable to an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the floating point binary\n\nto text conversion code within Libsystem. An attacker who can cause\n\nan application to convert a floating point value into a long string,\n\nor to parse a maliciously crafted string as a floating point value,\n\nmay be able to cause an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. Credit to Maksymilian Arciemowicz of\n\nSecurityReason.com for reporting this issue.\n\nMail\n\nCVE-ID: CVE-2010-0508\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Rules associated with a deleted mail account remain in\n\neffect\n\nDescription: When a mail account is deleted, user-defined filter\n\nrules associated with that account remain active. This may result in\n\nunexpected actions. This issue is addressed by disabling associated\n\nrules when a mail account is deleted.\n\nMail\n\nCVE-ID: CVE-2010-0525\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mail may use a weaker encryption key for outgoing email\n\nDescription: A logic issue exists in Mail\u2019s handling of encryption\n\ncertificates. 
When multiple certificates for the recipient exist in\n\nthe keychain, Mail may select an encryption key that is not intended\n\nfor encipherment. This may lead to a security issue if the chosen key\n\nis weaker than expected. This issue is addressed by ensuring that the\n\nkey usage extension within certificates is evaluated when selecting a\n\nmail encryption key. Credit to Paul Suh of ps Enable, Inc. for\n\nreporting this issue.\n\nMailman\n\nCVE-ID: CVE-2008-0564\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in Mailman 2.1.9\n\nDescription: Multiple cross-site scripting issues exist in Mailman\n\n2.1.9. These issues are addressed by updating Mailman to version\n\n2.1.13. Further information is available via the Mailman site at\n\nhttp://mail.python.org/pipermail/mailman-\n\nannounce/2009-January/000128.html These issues only affect Mac OS X\n\nServer systems, and do not affect versions 10.6 or later.\n\nMySQL\n\nCVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019,\n\nCVE-2009-4030\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in MySQL 5.0.82\n\nDescription: MySQL is updated to version 5.0.88 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. These issues only affect Mac OS X Server systems. Further\n\ninformation is available via the MySQL web site at\n\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html\n\nOS Services\n\nCVE-ID: CVE-2010-0509\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain elevated privileges\n\nDescription: A privilege escalation issue exists in SFLServer, as it\n\nruns as group \u2018wheel\u2019 and accesses files in users\u2019 home directories.\n\nThis issue is addressed through improved privilege management. 
Credit\n\nto Kevin Finisterre of DigitalMunition for reporting this issue.\n\nPassword Server\n\nCVE-ID: CVE-2010-0510\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to log in with an outdated\n\npassword\n\nDescription: An implementation issue in Password Server\u2019s handling\n\nof replication may cause passwords to not be replicated. A remote\n\nattacker may be able to log in to a system using an outdated\n\npassword. This issue is addressed through improved handling of\n\npassword replication. This issue only affects Mac OS X Server\n\nsystems. Credit to Jack Johnson of Anchorage School District for\n\nreporting this issue.\n\nperl\n\nCVE-ID: CVE-2008-5302, CVE-2008-5303\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A local user may cause arbitrary files to be deleted\n\nDescription: Multiple race condition issues exist in the rmtree\n\nfunction of the perl module File::Path. A local user with write\n\naccess to a directory that is being deleted may cause arbitrary files\n\nto be removed with the privileges of the perl process. This issue is\n\naddressed through improved handling of symbolic links. This issue\n\ndoes not affect Mac OS X v10.6 systems.\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in PHP 5.3.0\n\nDescription: PHP is updated to version 5.3.1 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. 
Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142,\n\nCVE-2009-4143\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in PHP 5.2.11\n\nDescription: PHP is updated to version 5.2.12 to address multiple\n\nvulnerabilities, the most serious of which may lead to cross-site\n\nscripting. Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPodcast Producer\n\nCVE-ID: CVE-2010-0511\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: An unauthorized user may be able to access a Podcast\n\nComposer workflow\n\nDescription: When a Podcast Composer workflow is overwritten, the\n\naccess restrictions are removed. This may allow an unauthorized user\n\nto access a Podcast Composer workflow. This issue is addressed\n\nthrough improved handling of workflow access restrictions. Podcast\n\nComposer was introduced in Mac OS X Server v10.6.\n\nPreferences\n\nCVE-ID: CVE-2010-0512\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A network user may be able to bypass system login\n\nrestrictions\n\nDescription: An implementation issue exists in the handling of\n\nsystem login restrictions for network accounts. If the network\n\naccounts allowed to log in to the system at the Login Window are\n\nidentified by group membership only, the restriction will not be\n\nenforced, and all network users will be allowed to log in to the\n\nsystem. The issue is addressed through improved group restriction\n\nmanagement in the Accounts preference pane. This issue only affects\n\nsystems configured to use a network account server, and does not\n\naffect systems prior to Mac OS X v10.6. 
Credit to Christopher D.\n\nGrieb of University of Michigan MSIS for reporting this issue.\n\nPS Normalizer\n\nCVE-ID: CVE-2010-0513\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PostScript file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A stack buffer overflow exists in the handling of\n\nPostScript files. Viewing a maliciously crafted PostScript file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of PostScript files. On Mac OS X v10.6 systems this issue\n\nis mitigated by the -fstack-protector compiler flag. Credit: Apple.\n\nQuickTime\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in QuickTime\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0514\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of H.261\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. 
This issue is addressed by performing additional\n\nvalidation of H.261 encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0515\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of H.264 encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of H.264\n\nencoded movie files.\n\nQuickTime\n\nCVE-ID: CVE-2010-0516\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of RLE encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of RLE encoded\n\nmovie files. Credit to an anonymous researcher working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0517\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of M-JPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of M-JPEG encoded movie files. 
Credit to Damian Put\n\nworking with TippingPoint\u2019s Zero Day Initiative for reporting this\n\nissue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0518\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nSorenson encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of Sorenson encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0519\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: An integer overflow exists in the handling of FlashPix\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0520\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of FLC\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of FLC encoded movie files. 
Credit to Moritz Jodeit of\n\nn.runs AG, working with TippingPoint\u2019s Zero Day Initiative, and\n\nNicolas Joly of VUPEN Security for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0526\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted MPEG file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of MPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of MPEG encoded movie files. Credit to an anonymous\n\nresearcher working with TippingPoint\u2019s Zero Day Initiative for\n\nreporting this issue.\n\nRuby\n\nCVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple issues in Ruby on Rails\n\nDescription: Multiple vulnerabilities exist in Ruby on Rails, the\n\nmost serious of which may lead to cross-site scripting. On Mac OS X\n\nv10.6 systems, these issues are addressed by updating Ruby on Rails\n\nto version 2.3.5. Mac OS X v10.5 systems are affected only by\n\nCVE-2009-4214, and this issue is addressed through improved\n\nvalidation of arguments to strip_tags.\n\nRuby\n\nCVE-ID: CVE-2009-1904\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Running a Ruby script that uses untrusted input to\n\ninitialize a BigDecimal object may lead to an unexpected application\n\ntermination\n\nDescription: A stack exhaustion issue exists in Ruby\u2019s handling of\n\nBigDecimal objects with very large values. 
Running a Ruby script that\n\nuses untrusted input to initialize a BigDecimal object may lead to an\n\nunexpected application termination. For Mac OS X v10.6 systems, this\n\nissue is addressed by updating Ruby to version 1.8.7-p173. For Mac OS X\n\nv10.5 systems, this issue is addressed by updating Ruby to version\n\n1.8.6-p369.\n\nServer Admin\n\nCVE-ID: CVE-2010-0521\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may extract information from Open\n\nDirectory\n\nDescription: A design issue exists in the handling of authenticated\n\ndirectory binding. A remote attacker may be able to anonymously\n\nextract information from Open Directory, even if the \u201cRequire\n\nauthenticated binding between directory and clients\u201d option is\n\nenabled. The issue is addressed by removing this configuration\n\noption. This issue only affects Mac OS X Server systems. Credit to\n\nScott Gruby of Gruby Solutions, and Mathias Haack of GRAVIS\n\nComputervertriebsgesellschaft mbH for reporting this issue.\n\nServer Admin\n\nCVE-ID: CVE-2010-0522\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A former administrator may have unauthorized access to\n\nscreen sharing\n\nDescription: A user who is removed from the \u2018admin\u2019 group may still\n\nconnect to the server using screen sharing. This issue is addressed\n\nthrough improved handling of administrator privileges. This issue\n\nonly affects Mac OS X Server systems, and does not affect version\n\n10.6 or later. Credit: Apple.\n\nSMB\n\nCVE-ID: CVE-2009-2906\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An infinite loop issue exists in Samba\u2019s handling of\n\nSMB \u2018oplock\u2019 break notifications. 
A remote attacker may be able to\n\ntrigger an infinite loop in smbd, causing it to consume excessive CPU\n\nresources. The issue is addressed through improved handling of\n\n\u2018oplock\u2019 break notifications.\n\nTomcat\n\nCVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515,\n\nCVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in Tomcat 6.0.18\n\nDescription: Tomcat is updated to version 6.0.24 to address multiple\n\nvulnerabilities, the most serious of which may lead to a cross site\n\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\n\nFurther information is available via the Tomcat site at\n\nhttp://tomcat.apache.org/\n\nunzip\n\nCVE-ID: CVE-2008-0888\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Extracting maliciously crafted zip files using the unzip\n\ncommand tool may lead to an unexpected application termination or\n\ncode execution\n\nDescription: An uninitialized pointer issue exists in the handling\n\nof zip files. Extracting maliciously crafted zip files using the\n\nunzip command tool may lead to an unexpected application termination\n\nor arbitrary code execution. This issue is addressed by performing\n\nadditional validation of zip files. This issue does not affect Mac OS\n\nX v10.6 systems.\n\nvim\n\nCVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in vim 7.0\n\nDescription: Multiple vulnerabilities exist in vim 7.0, the most\n\nserious of which may lead to arbitrary code execution when working\n\nwith maliciously crafted files. These issues are addressed by\n\nupdating to vim 7.2.102. These issues do not affect Mac OS X v10.6\n\nsystems. 
Further information is available via the vim website at\n\nhttp://www.vim.org/\n\nWiki Server\n\nCVE-ID: CVE-2010-0523\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Uploading a maliciously crafted applet may lead to the\n\ndisclosure of sensitive information\n\nDescription: Wiki Server allows users to upload active content such\n\nas Java applets. A remote attacker may obtain sensitive information\n\nby uploading a maliciously crafted applet and directing a Wiki Server\n\nuser to view it. The issue is addressed by restricting the file types\n\nthat may be uploaded to the Wiki Server. This issue only affects Mac\n\nOS X Server systems, and does not affect versions 10.6 or later.\n\nWiki Server\n\nCVE-ID: CVE-2010-0534\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may bypass weblog creation\n\nrestrictions\n\nDescription: Wiki Server supports service access control lists\n\n(SACLs), allowing an administrator to control the publication of\n\ncontent. Wiki Server fails to consult the weblog SACL during the\n\ncreation of a user\u2019s weblog. This may allow an authenticated user to\n\npublish content to the Wiki Server, even though publication should be\n\ndisallowed by the service ACL. This issue does not affect systems\n\nprior to Mac OS X v10.6.\n\nX11\n\nCVE-ID: CVE-2009-2042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted image may lead to the\n\ndisclosure of sensitive information\n\nDescription: libpng is updated to version 1.2.37 to address an issue\n\nthat may result in the disclosure of sensitive information. 
Further\n\ninformation is available via the libpng site at\n\nhttp://www.libpng.org/pub/png/libpng.html\n\nX11\n\nCVE-ID: CVE-2003-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Displaying maliciously crafted data within an xterm terminal\n\nmay lead to arbitrary code execution\n\nDescription: The xterm program supports a command sequence to change\n\nthe window title, and to print the window title to the terminal. The\n\ninformation returned is provided to the terminal as though it were\n\nkeyboard input from the user. Within an xterm terminal, displaying\n\nmaliciously crafted data containing such sequences may result in\n\ncommand injection. The issue is addressed by disabling the affected\n\ncommand sequence.\n\nxar\n\nCVE-ID: CVE-2010-0055\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A modified package may appear as validly signed\n\nDescription: A design issue exists in xar when validating a package\n\nsignature. This may allow a modified package to appear as validly\n\nsigned. This issue is fixed through improved package signature\n\nvalidation. 
This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 may be obtained from\n\nthe Software Update pane in System Preferences, or Apple\u2019s Software\n\nDownloads web site:\n\nhttp://www.apple.com/support/downloads/\n\n[](<https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/>)Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nIn some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.\n\nThe update covers critical vulnerabilities in AppKit, QuickTime, CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.\n\nIt also covers holes in several open-source components, including Apache, ClamAV, MySQL and PHP.\n\nHere\u2019s [the full list](<http://support.apple.com/kb/HT4077>) of the patched vulnerabilities. \n\nThe Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or [Apple\u2019s Software Downloads](<http://www.apple.com/support/downloads/>) web page.\n", "modified": "2013-04-17T16:37:25", "published": "2010-03-29T17:15:44", "id": "THREATPOST:4F867C686B7E31697E158FBD04A5DD35", "href": "https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/73753/", "type": "threatpost", "title": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}