MySQL < 4.0.25 / 4.1.13 / 5.0.7 Multiple Vulnerabilies

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

According to its version number, the installation of MySQL on the
remote host is potentially affected by two flaws :

- A buffer overflow can be triggered when copying the name of a
user-defined function into a stack-based buffer. With
sufficient access to create a user-defined function, an
attacker may be able to exploit this and execute arbitrary
code within the context of the affected database server
process. (CVE-2005-2558)

- The mysql_create_function is not fully protected against
directory traversal attacks. On Windows, arbitrary files can
be included by using backslash characters. (CVE-2005-2573)

See also :

Solution :

Upgrade to MySQL 4.0.25 / 4.1.13 / 5.0.7 or later.

Risk factor :

Medium / CVSS Base Score : 6.0
CVSS Temporal Score : 4.4
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 19416 ()

Bugtraq ID: 14509

CVE ID: CVE-2005-2558