MySQL Community Server 5.0 < 5.0.45 Multiple Vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is susceptible to multiple attacks.

Description :

The version of MySQL Community Server installed on the remote host
is reportedly affected by a denial of service vulnerability that can
lead to a server crash with a specially crafted password packet.

It is also affected by a privilege escalation vulnerability because
'CREATE TABLE LIKE' does not require any privileges on the source
table, which allows an attacker to create arbitrary tables using the
affected application.

See also :

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-45.html

Solution :

Upgrade to MySQL Community Server version 5.0.45 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 25759 ()

Bugtraq ID: 25017

CVE ID: CVE-2007-3780
CVE-2007-3781
CVE-2007-3782