| VID |
25085 |
| Severity |
30 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
A version of MySQL which is older than 5.0.88 is running on the host. MySQL versions 5.0.x prior to 5.0.88 are Multiple Vulnerabilities.
- MySQL clients linked against OpenSSL are vulnerable to man-in-the-middle attacks. (Bug #47320)
- The GeomFromWKB() function can be manipulated to cause a denial of service. (Bug #47780)
- Specially crafted SELECT statements containing sub- queries in the WHERE clause can cause the server to crash. (Bug #48291)
* Note: This check solely relied on the banner of the remote MySQL server to assess this vulnerability, so this might be a false positive.
* References:
http://bugs.mysql.com/bug.php?id=47320
http://bugs.mysql.com/bug.php?id=47780
http://bugs.mysql.com/bug.php?id=48291
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
* Platforms Affected:
MySQL versions 5.0.x prior to 5.0.88
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MySQL (5.0.88 or later), available from the MySQL Web site at http://www.mysql.com/ |
| Related URL |
CVE-2009-4028 (CVE) |
| Related URL |
37076 (SecurityFocus) |
| Related URL |
(ISS) |
|
