This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote database server is affected by multiple vulnerabilities.
The version of MySQL Community Server installed on the remote host is
earlier than 5.1.47 / 5.0.91 and is, therefore, potentially affected
by the following vulnerabilities :
- The server may continue reading packets indefinitely
if it receives a packet larger than the maximum size
of one packet, which could allow an unauthenticated,
remote attacker to consume a high level of CPU
and bandwidth. (Bug #50974)
- Using an overly long table name argument to the
'COM_FIELD_LIST' command, an authenticated user can
overflow a buffer and execute arbitrary code on the
affected host. (Bug #53237)
- Using a specially crafted table name argument to
'COM_FIELD_LIST', an authenticated user can bypass
almost all forms of checks for privileges and table-
level grants. (Bug #53371)
See also :
Upgrade to MySQL Community Server 5.1.47 / 5.0.91 or later.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.1
Public Exploit Available : true
Nessus Plugin ID: 46702 ()
Bugtraq ID: 401004010640109
CVE ID: CVE-2010-1848CVE-2010-1849CVE-2010-1850
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.