MySQL < 3.23.50 / 4.0.2 Local Code Execution

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

It may be possible to execute arbitrary code via the remote database

Description :

The version of MySQL installed on the remote host is earlier than
3.23.50 or 4.0.2.

On Win32, these versions allow a local attacker to execute arbitrary
code via a long 'datadir' parameter in the 'my.ini' file.

See also :

Solution :

Upgrade to MySQL version 3.23.50 / 4.0.2 or later.

Risk factor :

Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 3.4
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 17819 ()

Bugtraq ID: 5853

CVE ID: CVE-2002-0969

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial