| VID |
25086 |
| Severity |
30 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
A version of MySQL which is older than 5.1.41 is running on the host. MySQL versions 5.1.x prior to 5.1.41 are Multiple Vulnerabilities.
- An incomplete fix was provided in 5.1.24 for CVE-2008-2079, a symlink-related privilege escalation issue. (Bug #39277)
- MySQL clients linked against OpenSSL are vulnerable to man-in-the-middle attacks. (Bug #47320)
- The GeomFromWKB() function can be manipulated to cause a denial of service. (Bug #47780)
- Specially crafted SELECT statements containing sub-queries in the WHERE clause can cause the server to crash. (Bug #48291)
* Note: This check solely relied on the banner of the remote MySQL server to assess this vulnerability, so this might be a false positive.
* References:
http://bugs.mysql.com/bug.php?id=39277
http://bugs.mysql.com/bug.php?id=47320
http://bugs.mysql.com/bug.php?id=47780
http://bugs.mysql.com/bug.php?id=48291
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
* Platforms Affected:
MySQL versions 5.1.x prior to 5.1.41
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MySQL (5.1.41 or later), available from the MySQL Web site at http://www.mysql.com/ |
| Related URL |
CVE-2008-2079 (CVE) |
| Related URL |
37075,37076 (SecurityFocus) |
| Related URL |
(ISS) |
|
