|
ASAP Update - 13 March 2008
ENHANCEMENTS IN THIS ASAP UPDATE INCLUDE:
Product: DbProtect Vulnerability Assessment Scan Engine (AppDetective)
Oracle
- NEW! Critical Patch Update - January 2008
Examines if the database contains vulnerabilities fixed by CPU - January 2008
Risk: High
MySQL
- NEW! ProcessOldClientHello buffer overflow
Examines if the database is susceptible to the ProcessOldClientHello buffer overflow vulnerability
Risk: High
- NEW! Hello packet DoS
Examines if the database is susceptible to the Hello packet DoS vulnerability
Risk: Medium
- NEW! Privilege escalation through RENAME statement
Examines if the database is susceptible to privilege escalation through RENAME statement vulnerability
Risk: Medium
- NEW! Privilege escalation through VIEW statement
Examines if the database is susceptible to the privilege escalation through VIEW statement vulnerability
Risk: Medium
- NEW! Authenticated user able to cause DoS via federated engine
Examines if the database is susceptible to the DoS vulnerability
Risk: Low
- NEW! Input validation error allows DoS via certain CONTAINS operations
Examines if the database is susceptible to the DoS vulnerability
Risk: Low
DISCOVERY
- Performance enhancements on port scanning in discovery
|
