MySQL < 4.0.25 / 4.1.13 / 5.0.7 Multiple Vulnerabilities

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

According to its version number, the installation of MySQL on the
remote host is potentially affected by two flaws :

- A buffer overflow can be triggered when copying the name of a
user-defined function into a stack-based buffer. With
sufficient access to create a user-defined function, an
attacker may be able to exploit this and execute arbitrary
code within the context of the affected database server
process. (CVE-2005-2558)

- The mysql_create_function function is not fully protected
against directory traversal attacks. On Windows, arbitrary
files can be included by using backslash characters.
(CVE-2005-2573)
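
The two input checks these flaws call for, a length bound before a name is copied into a fixed-size buffer and rejection of both path separators, are sketched below in C. This is an added example, not code from MySQL or from the Nessus plugin; udf_check_name, udf_copy_name and the UDF_NAME_MAX limit are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical limit for this example; not taken from the MySQL source. */
#define UDF_NAME_MAX 64

enum udf_check { UDF_OK = 0, UDF_EMPTY, UDF_TOO_LONG, UDF_HAS_PATH };

/* Validate a caller-supplied name before it is copied or used to locate
 * a file. The scan stops at UDF_NAME_MAX + 1 bytes, so an oversized
 * input is rejected without being walked to its end. */
enum udf_check udf_check_name(const char *name)
{
    size_t len = 0;

    if (name == NULL || name[0] == '\0')
        return UDF_EMPTY;
    while (len <= UDF_NAME_MAX && name[len] != '\0')
        len++;
    if (len > UDF_NAME_MAX)
        return UDF_TOO_LONG;
    /* Reject '/' and '\\' on every platform, so a backslash path cannot
     * slip past a check that only looks for forward slashes. */
    if (strpbrk(name, "/\\") != NULL)
        return UDF_HAS_PATH;
    return UDF_OK;
}

/* Copy a validated name into a fixed-size buffer. On any failure dst is
 * left as an empty string and the reason is returned. */
enum udf_check udf_copy_name(char *dst, size_t dst_size, const char *name)
{
    enum udf_check rc;
    size_t len;

    if (dst == NULL || dst_size == 0)
        return UDF_TOO_LONG;
    dst[0] = '\0';
    rc = udf_check_name(name);
    if (rc != UDF_OK)
        return rc;
    len = strlen(name);
    if (len >= dst_size)      /* room for the terminator is required */
        return UDF_TOO_LONG;
    memcpy(dst, name, len + 1);
    return UDF_OK;
}
```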

See also :

http://www.appsecinc.com/resources/alerts/mysql/2005-002.html
http://www.nessus.org/u?667d0ac2
http://marc.info/?l=bugtraq&m=112360618320729&w=2

Solution :

Upgrade to MySQL 4.0.25 / 4.1.13 / 5.0.7 or later.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 19416

Bugtraq ID: 14509

CVE ID: CVE-2005-2558, CVE-2005-2573