MySQL < 3.23.59 / 4.0.21 Multiple Vulnerabilities

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The remote host is running a version of the MySQL database which is
older than 4.0.21 or 3.23.59.

MySQL is a database which runs on both Linux/BSD and Windows platform.
The remote version of this software is vulnerable to specially
crafted 'ALTER TABLE SQL' query which can be exploited to bypass some
applied security restrictions or cause a denial of service.

To exploit this flaw, an attacker would need the ability to execute
arbitrary SQL statements on the remote host.

See also :

http://marc.info/?l=bugtraq&m=110140517515735&w=2

Solution :

Upgrade to the latest version of MySQL 3.23.59 or 4.0.21 or newer.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 15449 ()

Bugtraq ID: 11357

CVE ID: CVE-2004-0835
CVE-2004-0837