move e5e2883d-ceb9-11d8-8898-000d6111a684 to vuln.xml

svn path=/head/; revision=113219
2004-07-08 14:24:07 +00:00 · 2004-07-08 14:24:07 +00:00 · 5f1e2eed8c · 2021-03-31 03:12:20 +00:00
commit 5f1e2eed8c
parent 1f6fffac4d
3 changed files with 31 additions and 4 deletions
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@ -36,5 +36,3 @@ libxine<1.0.r4|http://www.xinehq.de/index.php/security/XSA-2004-3 http://cve.mit
 apache>=2.*<2.0.49_3|http://www.guninski.com/httpd1.html http://www.apacheweek.com/features/security-20 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493 http://secunia.com/advisories/11956 http://www.osvdb.org/7269|Apache input header folding DoS vulnerability|81a8c9c2-c94f-11d8-8898-000d6111a684
 isakmpd<20040611|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022399.html http://www.osvdb.org/6951 http://www.secunia.com/advisories/11827 http://www.securityfocus.com/bid/10496|isakmpd security association deletion vulnerability|9a73a5b4-c9b5-11d8-95ca-02e081301d81
 krb5<1.3.4|http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0523 http://www.osvdb.org/6846 http://secunia.com/advisories/11753 http://www.kb.cert.org/vuls/id/686862 http://www.securityfocus.com/bid/10448|MIT Kerberos 5 krb5_aname_to_localname() buffer overflow|5177b6e5-c9b7-11d8-95ca-02e081301d81
-mysql-server>=4.1.*<4.1.3|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684
-mysql-server>=5.*<=5.0.0_2|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@ -36,5 +36,3 @@ libxine<1.0.r4|http://www.xinehq.de/index.php/security/XSA-2004-3 http://cve.mit
 apache>=2.*<2.0.49_3|http://www.guninski.com/httpd1.html http://www.apacheweek.com/features/security-20 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493 http://secunia.com/advisories/11956 http://www.osvdb.org/7269|Apache input header folding DoS vulnerability|81a8c9c2-c94f-11d8-8898-000d6111a684
 isakmpd<20040611|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022399.html http://www.osvdb.org/6951 http://www.secunia.com/advisories/11827 http://www.securityfocus.com/bid/10496|isakmpd security association deletion vulnerability|9a73a5b4-c9b5-11d8-95ca-02e081301d81
 krb5<1.3.4|http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0523 http://www.osvdb.org/6846 http://secunia.com/advisories/11753 http://www.kb.cert.org/vuls/id/686862 http://www.securityfocus.com/bid/10448|MIT Kerberos 5 krb5_aname_to_localname() buffer overflow|5177b6e5-c9b7-11d8-95ca-02e081301d81
-mysql-server>=4.1.*<4.1.3|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684
-mysql-server>=5.*<=5.0.0_2|http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020|MySQL authentication bypass / buffer overflow|e5e2883d-ceb9-11d8-8898-000d6111a684
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -3856,4 +3856,35 @@ misc.c:
      <entry>2004-07-05</entry>
    </dates>
  </vuln>
+
+  <vuln vid="e5e2883d-ceb9-11d8-8898-000d6111a684">
+    <topic>MySQL authentication bypass / buffer overflow</topic>
+    <affects>
+      <package>
+        <name>mysql-server</name>
+        <range><ge>4.1.*</ge><lt>4.1.3</lt></range>
+        <range><ge>5.*</ge><le>5.0.0_2</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>By submitting a carefully crafted authentication packet, it is possible
+          for an attacker to bypass password authentication in MySQL 4.1. Using a
+          similar method, a stack buffer used in the authentication mechanism can
+          be overflowed.</p>
+      </body>
+    </description>
+    <references>
+      <url>http://www.nextgenss.com/advisories/mysql-authbypass.txt</url>
+      <url>http://dev.mysql.com/doc/mysql/en/News-4.1.3.html</url>
+      <url>http://secunia.com/advisories/12020</url>
+      <url>http://www.osvdb.org/7475</url>
+      <url>http://www.osvdb.org/7476</url>
+      <mlist msgid="Pine.LNX.4.44.0407080940550.9602-200000@pineapple.shacknet.nu">http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html</mlist>
+    </references>
+    <dates>
+      <discovery>2004-07-01</discovery>
+      <entry>2004-07-05</entry>
+    </dates>
+  </vuln>
 </vuxml>