MySQL < 5.0.23 / 5.1.12 Denial of Service

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote database server is vulnerable to a denial of service
attack.

Description :

The version of MySQL installed on the remote host is older than
5.0.23 or 5.1.12. As such, it is reportedly affected by an off-by-one
buffer overflow.

A local attacker could use this flaw to crash the service.

Note that this vulnerability is disputed, as the attacker needs
extensive permissions to launch the attack, and such permissions
already allow them to disrupt the service.

See also :

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html
http://bugs.mysql.com/bug.php?id=20622

Solution :

Upgrade to MySQL version 5.0.23 / 5.1.12 or later.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)

Family: Databases

Nessus Plugin ID: 17831

Bugtraq ID:

CVE ID: CVE-2006-3486
