MySQL 5.1 < 5.1.68 Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MySQL 5.1 installed on the remote host is earlier than
5.1.68 and is, therefore, affected by vulnerabilities related to
'yaSSL'. These errors could result in buffer overflows and possibly
arbitrary code execution.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-251/
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-68.html
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
http://www.nessus.org/u?ef866628

Solution :

Upgrade to MySQL version 5.1.68 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 65733

Bugtraq ID: 58594, 58595

CVE ID: CVE-2012-0553, CVE-2013-1492