Debian Security Advisory DSA 540-1 (mysql) Network Vulnerability

Summary

The remote host is missing an update to mysql announced via advisory DSA 540-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20540-1

Insight

Jeroen van Wolffelaar <jeroen@wolffelaar.nl> discovered an insecure temporary file vulnerability in the mysqlhotcopy script when using the scp method which is part of the mysql-server packge For the stable distribution (woody) this problem has been fixed in version 3.23.49-8.7 of mysql. For the unstable distribution (sid) this problem has been fixed in version 4.0.20-11 of mysql-dfsg. We recommend that you upgrade your mysql-server package.

Severity

Classification

CVE CVE-2004-0457

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1007-1 (drupal)
Debian Security Advisory DSA 1148-1 (gallery)
Debian Security Advisory DSA 1100-1 (wv2)
Debian Security Advisory DSA 1077-1 (lynx-ssl)
Debian Security Advisory DSA 077-1 (squid)

Take action and discover your vulnerabilities