| VID |
25047 |
| Severity |
40 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
A version of MySQL which is older than 4.0.24 or 4.1.10a is running on the host. MySQL versions 4.0.23 and 4.1.10 and earlier are vulnerable to multiple vulnerabilities that can be exploited by a remote authenticated attacker. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. The following individual vulnerabilities are reported:
1) It allows a remote authenticated attacker with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using 'INSERT INTO'.
2) MySQL uses predictable file names when creating temporary tables, which allows a local attacker with 'CREATE TEMPORARY TABLE' privileges to overwrite arbitrary files via a symlink attack.
3) It allows a remote authenticated attacker with INSERT and DELETE privileges to execute arbitrary code by using 'CREATE FUNCTION'.
* Note: This check solely relied on the version number of the remote MySQL server to assess this vulnerability, so this might be a false positive.
* References:
http://secunia.com/advisories/14547/
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html
* Platforms Affected:
MySQL AB, MySQL 4.0.23 and earlier
MySQL AB, MySQL 4.1.10 and earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MySQL (4.0.24 or 4.1.10a or later), available from the MySQL Web site at http://www.mysql.com/ |
| Related URL |
CVE-2005-0709,CVE-2005-0710,CVE-2005-0711 (CVE) |
| Related URL |
12781 (SecurityFocus) |
| Related URL |
19658,19659 (ISS) |
|
