FreeBSD : MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities (4913886c-e875-11da-b9f4-00123ffe8333)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Secunia reports :

MySQL has some vulnerabilities, which can be exploited by malicious
users to disclose potentially sensitive information and compromise a
vulnerable system.

1) An error within the code that generates an error response to an
invalid COM_TABLE_DUMP packet can be exploited by an authenticated
client to disclose certain memory content of the server process.

2) A boundary error within the handling of specially crafted invalid
COM_TABLE_DUMP packets can be exploited by an authenticated client to
cause a buffer overflow and allow arbitrary code execution.

3) An error within the handling of malformed login packets can be
exploited to disclose certain memory content of the server process
in the error messages.

See also :

http://www.wisec.it/vulns.php?page=7
http://www.wisec.it/vulns.php?page=8
http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html
http://www.nessus.org/u?496129ce

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21633 (freebsd_pkg_4913886ce87511dab9f400123ffe8333.nasl)

Bugtraq ID:

CVE ID: CVE-2006-1516
CVE-2006-1517
CVE-2006-1518
