MySQL < 3.23.50 / 4.0.2 Local Code Execution

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

It may be possible to execute arbitrary code via the remote database
server.

Description :

The version of MySQL installed on the remote host is earlier than
3.23.50 or 4.0.2.

On Win32, these versions allow a local attacker to execute arbitrary
code via a long 'datadir' parameter in the 'my.ini' file.

See also :

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
http://marc.info/?l=bugtraq&m=103358628011935&w=2

Solution :

Upgrade to MySQL version 3.23.50 / 4.0.2 or later.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 17819

Bugtraq ID: 5853

CVE ID: CVE-2002-0969