MySQL 5.1 < 5.1.71 Server Optimizer Denial of Service

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server may be affected by a denial of service
vulnerability.

Description :

The version of MySQL 5.1 installed on the remote host is earlier than
5.1.71. It is, therefore, potentially affected by multiple denial of
service vulnerabilities in the 'Server Optimizer' component.

Note: Oracle has provided a workaround to address the issue for
CVE-2012-2750.

See also :

http://www.nessus.org/u?532e14d2
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-71.html

Solution :

Upgrade to MySQL version 5.1.71 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 70461 ()

Bugtraq ID: 63109
63125

CVE ID: CVE-2012-2750
CVE-2013-3839