| VID |
25052 |
| Severity |
40 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The MySQL server, according to its banner, is vulnerable to an information disclosure vulnerability via a malformed login packet. MySQL is an open-source database management system available for Microsoft Windows, Linux, and other UNIX-based operating systems. MySQL versions 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 could allow a remote, unauthenticated attacker to read portions of memory, caused by an input validation error in the "sql_parse.cc" script that fails to properly handle malformed login packets. A remote attacker could exploit this vulnerability using a specially-crafted login packet to cause portions of the memory to be disclosed in error messages. In addition to this flaw, those versions are also vulnerable to a buffer overflow vulnerability, which could allow a remote attacker to execute arbitrary machine code in the context of affected database servers.
* Note: This check solely relied on the banner of the remote MySQL server to assess this vulnerability, so this might be a false positive.
* References:
http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
http://www.securityfocus.com/archive/1/432733/30/0/threaded
http://www.frsirt.com/english/advisories/2006/1633
http://securitytracker.com/id?1016017
http://secunia.com/advisories/19929
* Platforms Affected:
MySQL AB, MySQL versions 4.0.x prior to 4.0.27
MySQL AB, MySQL versions 4.1.x prior to 4.1.18
MySQL AB, MySQL versions 5.0.x prior to 5.0.20
MySQL AB, MySQL versions 5.1.x prior to 5.1.10
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MySQL (4.0.27 or 4.1.19 or 5.0.21 or 5.1.10 or later), available from the MySQL Download Web site at http://dev.mysql.com/downloads/ |
| Related URL |
CVE-2006-1516 (CVE) |
| Related URL |
17780 (SecurityFocus) |
| Related URL |
26236 (ISS) |
|
