Mandrake Linux Security Advisory : MySQL (MDKSA-2002:087)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Two vulnerabilities were discovered by Stefan Esser in all versions of
MySQL prior to 3.23.53a and 4.0.5a. The first can be used by any
valid MySQL user to crash the MySQL server; the other allows anyone to
bypass the MySQL password check or execute arbitrary code with the
privileges of the user running mysqld. Two further vulnerabilities were
found: an arbitrary-size heap overflow in the mysql client library,
and a flaw that allows one to write '\0' to any memory address.
Both of these flaws could allow DoS attacks or arbitrary code execution
within anything linked against libmysqlclient.

See also :

http://www.nessus.org/u?3b0e0138

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13985 (mandrake_MDKSA-2002-087.nasl)

Bugtraq ID:

CVE ID: CVE-2002-1373
CVE-2002-1374
CVE-2002-1375
CVE-2002-1376
