MySQL < 4.0.25 / 4.1.13 / 5.0.7 Multiple Vulnerabilities

medium Nessus Plugin ID 19416

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

According to its version number, the installation of MySQL on the remote host is potentially affected by two flaws:

- A buffer overflow can be triggered when copying the name of a user-defined function into a stack-based buffer. With sufficient access to create a user-defined function, an attacker may be able to exploit this and execute arbitrary code within the context of the affected database server process. (CVE-2005-2558)

- The mysql_create_function function is not fully protected against directory traversal attacks. On Windows, arbitrary files can be included by using backslash characters. (CVE-2005-2573)

Solution

Upgrade to MySQL 4.0.25 / 4.1.13 / 5.0.7 or later.

See Also

https://www.trustwave.com/Company/AppSecInc-is-now-Trustwave/

http://www.nessus.org/u?667d0ac2

https://marc.info/?l=bugtraq&m=112360618320729&w=2

Plugin Details

Severity: Medium

ID: 19416

File Name: mysql_init_syms_buffer_overflow.nasl

Version: 1.23

Type: remote

Family: Databases

Published: 8/10/2005

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/5/2005

Reference Information

CVE: CVE-2005-2558, CVE-2005-2573

BID: 14509