MySQL 5.1 < 5.1.41 Multiple Vulnerabilities

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MySQL 5.1 installed on the remote host is earlier than
5.1.41 and is, therefore, potentially affected by the following
vulnerabilities :

- An incomplete fix was provided in 5.1.24 for
CVE-2008-2079, a symlink-related privilege
escalation issue. (Bug #39277)

- MySQL clients linked against OpenSSL are vulnerable
to man-in-the-middle attacks. (Bug #47320)

- The GeomFromWKB() function can be manipulated
to cause a denial of service. (Bug #47780)

- Specially crafted SELECT statements containing sub-
queries in the WHERE clause can cause the server
to crash. (Bug #48291)

See also :

Solution :

Upgrade to MySQL 5.1.41 or later.

Risk factor :

Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.8
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 42900 ()

Bugtraq ID: 37075

CVE ID: CVE-2008-2079