This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote database server is affected by multiple vulnerabilities.
The remote host is running a version of MySQL which older than version
4.0.24 or 4.1.10a. Such versions are potentially affected by multiple
- MySQL uses predictable file names when creating
temporary tables, which allows local users with 'CREATE
TEMPORARY TABLE' privileges to overwrite arbitrary files
via a symlink attack. (CVE-2005-0711)
- A flaw exists that may allow a malicious user to gain
access to unauthorized privileges when an authenticated
user with 'INSERT' and 'DELETE' privileges bypasses
library path restrictions using 'INSERT INTO' to modify
the 'mysql.func' table. (CVE-2005-0709)
- A flaw exists that may allow a mlicious user to load
arbitrary libraries when an authenticated user with
'INSERT' and 'DELETE' privileges use the 'CREATE
FUNCTION' command to specify and load an arbitrary
custom library. (CVE-2005-0710)
See also :
Upgrade to MySQL 4.0.24, 4.1.10a, or later as this reportedly fixes
Risk factor :
Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 3.8
Public Exploit Available : true
Nessus Plugin ID: 17313 ()
Bugtraq ID: 12781
CVE ID: CVE-2005-0709CVE-2005-0710CVE-2005-0711
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.