openSUSE 10 Security Update : derby (derby-4091)

Medium Nessus Plugin ID 28224


The remote openSUSE host is missing a security update.


Apache Derby did not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.

This update also brings a new requirement of a Java 1.5 JRE.


Update the affected derby package.

Plugin Details

Severity: Medium

ID: 28224

File Name: suse_derby-4091.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2007/11/15

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:derby, cpe:/o:novell:opensuse:10.1, cpe:/o:novell:opensuse:10.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2007/08/15

Reference Information

CVE: CVE-2006-7217