Next generation host vulnerability scanning based on version matching rule base
We define the following rules for version based vulnerability detection
<Vulns>
<Vulnerability added="2004-12-22" id="mysql-bug-report-symlink" modified="2013-08-22" published="2004-05-04" version="2.0">
<name>MySQL Bug Report Symlink Vulnerability</name>
<severity>2</severity>
<cvss>(AV:L/AC:L/Au:N/C:N/I:P/A:N)</cvss>
<Tags>
<tag>Database</tag>
<tag>Oracle</tag>
<tag>Oracle MySQL</tag>
</Tags>
<AlternateIds>
<id name="BID">9976</id>
<id name="CIAC">P-018</id>
<id name="CVE">CVE-2004-0381</id>
<id name="DEBIAN">DSA-483</id>
<id name="MANDRAKE">MDKSA-2004:034</id>
<id name="OVAL">OVAL11557</id>
<id name="REDHAT">RHSA-2004:569</id>
<id name="REDHAT">RHSA-2004:597</id>
<id name="XF">15617</id>
</AlternateIds>
<Description>
<p>
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
</p>
</Description>
<Check id="mysql-bug-report-symlink" scope="endpoint">
<NetworkService type="MySQL">
<Product name="MySQL" vendor="Oracle">
<version>
<range>
<low>3.20.26</low>
<high>3.23.59</high>
</range>
</version>
<version>
<range>
<low>4.0.0</low>
<high>4.0.19</high>
</range>
</version>
</Product>
</NetworkService>
</Check>
<Solutions>
<summary>升級到最新版本的 Oracle MySQL</summary>
<workaround>
<p>
下載並套用更新:
<a href="http://dev.mysql.com/downloads/mysql">http://dev.mysql.com/downloads/mysql</a>
</p>
</workaround>
</Solutions>
<cnnvd>CNNVD-200405-031</cnnvd>
</Vulnerability>
<Vulnerability added="2004-11-01" id="mysql-com-change-user-bof" modified="2013-08-22" published="2002-12-23" version="2.0">
<name>MySQL COM_CHANGE_USER Buffer Overflow</name>
<severity>8</severity>
<cvss>(AV:N/AC:L/Au:N/C:P/I:P/A:P)</cvss>
<Tags>
<tag>Database</tag>
<tag>Oracle</tag>
<tag>Oracle MySQL</tag>
<tag>Remote Execution</tag>
</Tags>
<AlternateIds>
<id name="BID">6375</id>
<id name="CONECTIVA">CLSA-2002:555</id>
<id name="CVE">CVE-2002-1375</id>
<id name="DEBIAN">DSA-212</id>
<id name="MANDRAKE">MDKSA-2002:087</id>
<id name="REDHAT">RHSA-2002:288</id>
<id name="REDHAT">RHSA-2002:289</id>
<id name="REDHAT">RHSA-2003:166</id>
<id name="SUSE">SUSE-SA:2003:003</id>
<id name="XF">10848</id>
</AlternateIds>
<Description>
<p>
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
</p>
</Description>
<Check id="mysql-com-change-user-bof" scope="endpoint">
<NetworkService type="MySQL">
<Product name="MySQL" vendor="Oracle">
<version>
<range>
<high>3.23.54</high>
</range>
</version>
</Product>
</NetworkService>
</Check>
<Solutions>
<summary>升級到最新版本的 Oracle MySQL</summary>
<workaround>
<p>
下載並套用更新:
<a href="http://dev.mysql.com/downloads/mysql">http://dev.mysql.com/downloads/mysql</a>
</p>
</workaround>
</Solutions>
<cnnvd>CNNVD-200212-064</cnnvd>
</Vulnerability>
</Vulns>