[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] IMAP and MySQL VULNERABILITY
- Subject: [cobalt-users] IMAP and MySQL VULNERABILITY
- From: eurodev@xxxxxxxxxx
- Date: Mon Mar 29 15:03:00 2004
- Organization: Oreade
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi
I have read that
IMAP VULNERABILITY
MySQL VULNERABILITY
What can we do for this problemes whith a Cobalt RaQ4 ?
are they some patch and where can they found it's
thank you very mutch
-------------------------------------------------------------
IMAP VULNERABILITY
"Multiple buffer overflow vulnerabilities have been identified in Courier
MTA, Courier SqWebMail, and Courier-IMAP. These vulnerabilities may allow a
remote attacker to execute arbitrary code on a vulnerable system in order
to gain unauthorized access."
Source : http://www.securityfocus.com/bid/9845/info/
-------------
MySQL VULNERABILITY
TITLE:
MySQL "mysqlbug" Insecure Temporary File Creation Vulnerability
SECUNIA ADVISORY ID:
SA11223
VERIFY ADVISORY:
http://secunia.com/advisories/11223/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
MySQL 4.x
MySQL 3.x
DESCRIPTION:
Shaun Colley has reported a vulnerability in MySQL, potentially allowing
malicious users to escalate their privileges.
The bug reporting tool "mysqlbug" creates the file
"/tmp/failed-mysql-bugreport" in an insecure manner if the editor is exited
without changing anything. This can potentially be exploited by malicious
users to overwrite arbitrary files when "mysqlbug" is executed by a
privileged user.
The vulnerability reportedly affects:
3.23.58 and prior.
4.0.18 and prior.
SOLUTION:
The vulnerability has been fixed in CVS and will be included in the next
release.
Do not use the "mysqlbug" script on systems with untrusted users.
--
Cordialement
Jean Louis
---------------------
Oreade Multimedia