MySQL Community Server < 5.1.51 Multiple Vulnerabilities

Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MySQL Community Server installed on the remote host is
earlier than 5.1.51 and is, therefore, potentially affected by
multiple vulnerabilities:

- A privilege escalation vulnerability exists when using
statement-based replication. Version-specific comments
used on a master server with a lesser release version
than its slave can allow the MySQL privilege system on
the slave server to be subverted. (49124)

- An authenticated user can crash the MySQL server by
passing improper WKB to the 'PolyFromWKB()' function.

- The improper handling of type errors during argument
evaluation in extreme-value functions, e.g., 'LEAST()'
or 'GREATEST()' caused server crashes. (55826)

- The creation of derived tables needing a temporary
grouping table caused server crashes. (55568)

- The re-evaluation of a user-variable assignment
expression after the creation of a temporary table
caused server crashes. (55564)

- The 'convert_tz()' function can be used to crash the
server by setting the timezone argument to an empty
SET column value. (55424)

- The pre-evaluation of 'LIKE' predicates while preparing
a view caused server crashes. (54568)

- The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused
server crashes. (54476)

- The use of an intermediate temporary table and queries
containing calls to 'GREATEST()' or 'LEAST()', having
a list of both numeric and 'LONGBLOB' arguments, caused
server crashes. (54461)

- The use of nested joins in prepared statements or
stored procedures could result in infinite loops.
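
An audit check for the statement-based replication issue in the first item, added here as an example and not part of the original plugin text: it flags replicated statements whose version-specific comment (`/*!NNNNN ... */`, executed only by servers at or above version NNNNN) is skipped by the master but executed by a newer slave. The function names, sample statements and version pairs are constructed for illustration.

```python
import re

# MySQL version-specific comment opener: /*!NNNNN, where NNNNN encodes
# major*10000 + minor*100 + patch (5.1.51 -> 50151).
VERSION_COMMENT = re.compile(r"/\*!(\d{5})")
VERSION_STRING = re.compile(r"^(\d+)\.(\d+)\.(\d+)")
FIXED_ID = 50151  # 5.1.51, the fixed release named in the Solution


def version_id(version):
    """Convert a banner such as '5.1.50-community-log' to 50150."""
    m = VERSION_STRING.match(version)
    if not m:
        raise ValueError(f"unrecognised MySQL version string: {version!r}")
    major, minor, patch = map(int, m.groups())
    return major * 10000 + minor * 100 + patch


def predates_fix(version):
    """True when the server version is earlier than 5.1.51."""
    return version_id(version) < FIXED_ID


def divergent_statements(statements, master_version, slave_version):
    """Return (line, gate, statement) for statements that the master
    treats as containing a plain comment but the slave executes."""
    master_id = version_id(master_version)
    slave_id = version_id(slave_version)
    findings = []
    for lineno, stmt in enumerate(statements, 1):
        for m in VERSION_COMMENT.finditer(stmt):
            gate = int(m.group(1))
            if master_id < gate <= slave_id:
                findings.append((lineno, gate, stmt))
                break  # one finding per statement is enough
    return findings


# Constructed, harmless sample statements (not taken from a real binlog).
SAMPLE = [
    "INSERT INTO t1 VALUES (1)",
    "SELECT 1 /*!50000 + 1 */",            # gate below both servers
    "UPDATE t1 SET a = 1 /*!50150 + 1 */",  # skipped on 5.1.45, run on 5.1.50
    "SELECT /*!99999 2, */ 1",             # gate above both servers
]

if __name__ == "__main__":
    for line, gate, stmt in divergent_statements(SAMPLE, "5.1.45", "5.1.50"):
        print(f"statement {line}: gate {gate} diverges: {stmt}")
```
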

Solution :

Upgrade to MySQL Community Server 5.1.51 or later.

Risk factor :

Medium / CVSS Base Score : 6.0
CVSS Temporal Score : 5.2
Public Exploit Available : true

