This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote Debian host is missing a security-related update.
Several vulnerabilities have been discovered in MySQL, a popular SQL
database. The Common Vulnerabilities and Exposures Project identifies
the following problems :
Improper handling of SQL queries containing the NULL
character allows local users to bypass logging
Usernames without a trailing null byte allow remote
attackers to read portions of memory.
A request with an incorrect packet length allows remote
attackers to obtain sensitive information.
Specially crafted request packets with invalid length
values allow the execution of arbitrary code.
The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed :
Â woody sarge sid
mysql 3.23.49-8.15 n/a n/a
mysql-dfsg n/a 4.0.24-10sarge2 n/a
mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a
mysql-dfsg-5.0 n/a n/a 5.0.21-3
See also :
Upgrade the mysql packages.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.4
Public Exploit Available : true