MySQL < 4.1.13a / 5.0.10 Zlib Library Buffer Overflow

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary code could be executed on the remote database server.

Description :

The version of MySQL installed on the remote host is older than
4.1.13a or 5.0.10 and as such, may have been linked with zlib 1.2.2.

On operating systems where the MySQL binaries are statically linked
(mainly Windows and HP-UX), a remote attacker could crash the server
or execute arbitrary code by triggering a buffer overflow in zlib.

See also :

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-10.html
http://www.nessus.org/u?d5be160d

Solution :

Upgrade to MySQL version 4.1.13a / 5.0.10 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 17827 ()

Bugtraq ID: 14162

CVE ID: CVE-2005-2096