aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.txt2
-rw-r--r--security/portaudit-db/database/portaudit.txt2
-rw-r--r--security/vuxml/vuln.xml31
3 files changed, 31 insertions, 4 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index 910819df7c8e..99cea615ca70 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -36,5 +36,3 @@ libxine<1.0.r4|http://www.xinehq.de/index.php/security/XSA-2004-3 http://cve.mit
apache>=2.*<2.0.49_3|http://www.guninski.com/httpd1.html http://www.apacheweek.com/features/security-20 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493 http://secunia.com/advisories/11956 http://www.osvdb.org/7269|Apache input header folding DoS vulnerability|81a8c9c2-c94f-11d8-8898-000d6111a684
isakmpd<20040611|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022399.html http://www.osvdb.org/6951 http://www.secunia.com/advisories/11827 http://www.securityfocus.com/bid/10496|isakmpd security association deletion vulnerability|9a73a5b4-c9b5-11d8-95ca-02e081301d81
krb5<1.3.4|http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0523 http://www.osvdb.org/6846 http://secunia.com/advisories/11753 http://www.kb.cert.org/vuls/id/686862 http://www.securityfocus.com/bid/10448|MIT Kerberos 5 krb5_aname_to_localname() buffer overflow|5177b6e5-c9b7-11d8-95ca-02e081301d81
-mysql-server>=4.1.*<4.1.3|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684
-mysql-server>=5.*<=5.0.0_2|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index 910819df7c8e..99cea615ca70 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -36,5 +36,3 @@ libxine<1.0.r4|http://www.xinehq.de/index.php/security/XSA-2004-3 http://cve.mit
apache>=2.*<2.0.49_3|http://www.guninski.com/httpd1.html http://www.apacheweek.com/features/security-20 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493 http://secunia.com/advisories/11956 http://www.osvdb.org/7269|Apache input header folding DoS vulnerability|81a8c9c2-c94f-11d8-8898-000d6111a684
isakmpd<20040611|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022399.html http://www.osvdb.org/6951 http://www.secunia.com/advisories/11827 http://www.securityfocus.com/bid/10496|isakmpd security association deletion vulnerability|9a73a5b4-c9b5-11d8-95ca-02e081301d81
krb5<1.3.4|http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0523 http://www.osvdb.org/6846 http://secunia.com/advisories/11753 http://www.kb.cert.org/vuls/id/686862 http://www.securityfocus.com/bid/10448|MIT Kerberos 5 krb5_aname_to_localname() buffer overflow|5177b6e5-c9b7-11d8-95ca-02e081301d81
-mysql-server>=4.1.*<4.1.3|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684
-mysql-server>=5.*<=5.0.0_2|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 843eae27de34..c1a29d59c756 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -3856,4 +3856,35 @@ misc.c:
<entry>2004-07-05</entry>
</dates>
</vuln>
+
+ <vuln vid="e5e2883d-ceb9-11d8-8898-000d6111a684">
+ <topic>MySQL authentication bypass / buffer overflow</topic>
+ <affects>
+ <package>
+ <name>mysql-server</name>
+ <range><ge>4.1.*</ge><lt>4.1.3</lt></range>
+ <range><ge>5.*</ge><le>5.0.0_2</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>By submitting a carefully crafted authentication packet, it is possible
+ for an attacker to bypass password authentication in MySQL 4.1. Using a
+ similar method, a stack buffer used in the authentication mechanism can
+ be overflowed.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://www.nextgenss.com/advisories/mysql-authbypass.txt</url>
+ <url>http://dev.mysql.com/doc/mysql/en/News-4.1.3.html</url>
+ <url>http://secunia.com/advisories/12020</url>
+ <url>http://www.osvdb.org/7475</url>
+ <url>http://www.osvdb.org/7476</url>
+ <mlist msgid="Pine.LNX.4.44.0407080940550.9602-200000@pineapple.shacknet.nu">http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html</mlist>
+ </references>
+ <dates>
+ <discovery>2004-07-01</discovery>
+ <entry>2004-07-05</entry>
+ </dates>
+ </vuln>
</vuxml>
generated by cgit (git 2.34.1) at 2025-01-24 10:00:24 +0800