diff options
| author | Oliver Eikemeier <eik@FreeBSD.org> | 2004-07-08 14:24:07 +0000 |
|---|---|---|
| committer | Oliver Eikemeier <eik@FreeBSD.org> | 2004-07-08 14:24:07 +0000 |
| commit | 5f1e2eed8ccab64ee54bb22abac8a76bbdac17da (patch) | |
| tree | af0238381ee4e45f835bc37056354880adea4db5 /security | |
| parent | Update to 0.5 (diff) | |
move e5e2883d-ceb9-11d8-8898-000d6111a684 to vuln.xml
Notes
Notes:
svn path=/head/; revision=113219
Diffstat (limited to 'security')
| -rw-r--r-- | security/portaudit-db/database/portaudit.txt | 2 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 31 |
2 files changed, 31 insertions, 2 deletions
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt index 910819df7c8e..99cea615ca70 100644 --- a/security/portaudit-db/database/portaudit.txt +++ b/security/portaudit-db/database/portaudit.txt @@ -36,5 +36,3 @@ libxine<1.0.r4|http://www.xinehq.de/index.php/security/XSA-2004-3 http://cve.mit apache>=2.*<2.0.49_3|http://www.guninski.com/httpd1.html http://www.apacheweek.com/features/security-20 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493 http://secunia.com/advisories/11956 http://www.osvdb.org/7269|Apache input header folding DoS vulnerability|81a8c9c2-c94f-11d8-8898-000d6111a684 isakmpd<20040611|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022399.html http://www.osvdb.org/6951 http://www.secunia.com/advisories/11827 http://www.securityfocus.com/bid/10496|isakmpd security association deletion vulnerability|9a73a5b4-c9b5-11d8-95ca-02e081301d81 krb5<1.3.4|http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0523 http://www.osvdb.org/6846 http://secunia.com/advisories/11753 http://www.kb.cert.org/vuls/id/686862 http://www.securityfocus.com/bid/10448|MIT Kerberos 5 krb5_aname_to_localname() buffer overflow|5177b6e5-c9b7-11d8-95ca-02e081301d81 -mysql-server>=4.1.*<4.1.3|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684 -mysql-server>=5.*<=5.0.0_2|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 843eae27de34..c1a29d59c756 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -3856,4 +3856,35 @@ misc.c: <entry>2004-07-05</entry> </dates> </vuln> + + <vuln vid="e5e2883d-ceb9-11d8-8898-000d6111a684"> + <topic>MySQL authentication bypass / buffer overflow</topic> + <affects> + <package> + <name>mysql-server</name> + <range><ge>4.1.*</ge><lt>4.1.3</lt></range> + <range><ge>5.*</ge><le>5.0.0_2</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>By submitting a carefully crafted authentication packet, it is possible + for an attacker to bypass password authentication in MySQL 4.1. Using a + similar method, a stack buffer used in the authentication mechanism can + be overflowed.</p> + </body> + </description> + <references> + <url>http://www.nextgenss.com/advisories/mysql-authbypass.txt</url> + <url>http://dev.mysql.com/doc/mysql/en/News-4.1.3.html</url> + <url>http://secunia.com/advisories/12020</url> + <url>http://www.osvdb.org/7475</url> + <url>http://www.osvdb.org/7476</url> + <mlist msgid="Pine.LNX.4.44.0407080940550.9602-200000@pineapple.shacknet.nu">http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html</mlist> + </references> + <dates> + <discovery>2004-07-01</discovery> + <entry>2004-07-05</entry> + </dates> + </vuln> </vuxml> |