This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.
The remote host is missing a vendor-supplied security patch
The remote host is missing the patch for the advisory SUSE-SA:2006:036 (mysql).
The database server MySQL was updated to fix the following security problems:
- Attackers could read portions of memory by using a user name with
trailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516,
- Attackers could potentially execute arbitrary code by causing a
buffer overflow via specially crafted COM_TABLE_DUMP packets
The mysql server package was released on May 30th already, the
mysql-Max server package was released on June 20th after additional
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now