This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
The mysql_real_connect function doesn't properly handle DNS replies by
copying the IP address into a buffer without any length checking. A
specially crafted DNS reply may therefore be used to cause a buffer
overflow on affected systems.
Note that whether this issue can be exploitable depends on the system
library responsible for the gethostbyname function. The bug finder,
Lukasz Wojtow, explaines this with the following words :
In glibc there is a limitation for an IP address to have only 4 bytes
(obviously), but generally speaking the length of the address comes
with a response for dns query (i know it sounds funny but read rfc1035
if you don't believe). This bug can occur on libraries where
gethostbyname function takes length from dns's response
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false