MySQL < 4.0.27 / 4.1.19 / 5.0.21 Multiple Vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MySQL installed on the remote host is earlier than
4.0.27 / 4.1.19 / 5.0.21. As such, it is potentially affected by the
following vulnerabilities :

- A remote attacker may be able to read portions of memory
by sending a specially crafted login packet in which the
username does not have a trailing NULL. (CVE-2006-1516)

- A remote attacker may be able to read portions of memory
by sending a specially crafted COM_TABLE_DUMP request
with an incorrect packet length. (CVE-2006-1517)

- A buffer overflow in the 'open_table()' function could
allow a remote, authenticated attacker to execute
arbitrary code via specially crafted COM_TABLE_DUMP
packets. (CVE-2006-1518)

See also :

http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
http://www.securityfocus.com/archive/1/archive/1/432734/100/0/threaded

Solution :

Upgrade to MySQL version 4.0.27 / 4.1.19 / 5.0.21 or later.
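
The version thresholds above can be applied to an asset inventory to triage which servers still need the upgrade. The following Python sketch is an added example, not part of the Nessus plugin: the function names, host names and sample version strings are constructed for illustration, and branches the advisory does not list are reported as "unknown" rather than guessed.

```python
import re

# First fixed release per branch, taken from the advisory text above.
FIXED = {(4, 0): (4, 0, 27), (4, 1): (4, 1, 19), (5, 0): (5, 0, 21)}

# MySQL version strings start with major.minor.patch, often followed by a
# build suffix such as "-log" or "-standard".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a version string, or None."""
    match = _VERSION_RE.match(banner.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def assess(banner):
    """Classify a version string as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # unparseable banner: needs manual review
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The advisory states no threshold for this branch.
        return "unknown"
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Group host names by assessment result."""
    groups = {"affected": [], "fixed": [], "unknown": []}
    for host, banner in inventory.items():
        groups[assess(banner)].append(host)
    return groups


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "db-a": "5.0.19-log",
    "db-b": "4.1.18-standard",
    "db-c": "5.0.21-community-nt",
    "db-d": "4.0.27",
    "db-e": "5.1.9-beta",
    "db-f": "not-a-version",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```

A version string alone does not show whether a vendor has backported the fixes, so hosts reported as affected should be confirmed against the package changelog.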

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 17697

Bugtraq ID: 17780

CVE ID: CVE-2006-1516
CVE-2006-1517
CVE-2006-1518