MySQL < 5.0.23 / 5.1.12 Denial of Service

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote database server is vulnerable to a denial of service
attack.

Description :

The version of MySQL installed on the remote host is older than
5.0.23 or 5.1.12. As such, it is reportedly affected by an off-by-one
buffer overflow.

A local attacker could use this flaw to crash the service.

Note that this vulnerability is disputed because the attacker needs
extensive permissions to launch the attack, and such permissions
already allow the attacker to disrupt the service.

See also :

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html
http://bugs.mysql.com/bug.php?id=20622

Solution :

Upgrade to MySQL version 5.0.23 / 5.1.12 or later.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)

Family: Databases

Nessus Plugin ID: 17831

Bugtraq ID:

CVE ID: CVE-2006-3486