MySQL 5.0 < 5.0.88 Multiple Vulnerabilities

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MySQL 5.0 installed on the remote host is earlier than
5.0.88. It is, therefore, potentially affected by the following
vulnerabilities :

- MySQL clients linked against OpenSSL are vulnerable
to man-in-the-middle attacks. (Bug #47320)

- The GeomFromWKB() function can be manipulated
to cause a denial of service. (Bug #47780)

- Specially crafted SELECT statements containing sub-
queries in the WHERE clause can cause the server
to crash. (Bug #48291)

- It is possible to bypass access restrictions when the
data directory contains a symbolic link to a different
file system. (Bug #39277)

See also :

Solution :

Upgrade to MySQL 5.0.88 or later.

Risk factor :

Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.8
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 42899 ()

Bugtraq ID: 37076

CVE ID: CVE-2012-4452