MySQL < 4.0.21 Multiple Vulnerabilities

Medium Nessus Plugin ID 15477

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

You are running a version of MySQL which is older than version 4.0.21.
Such versions are potentially affected by two flaws :

- There is an unauthorized database GRANT privilege vulnerability, which may allow an attacker to misuse the GRANT privilege it has been given and to use it against other databases. (CVE-2004-0957)

- A denial of service vulnerability may be triggered by the misuse of the FULLTEXT search functionality.
(CVE-2004-0956)

Solution

Upgrade to MySQL 4.0.21 or later, as this reportedly fixes the issue.

See Also

http://bugs.mysql.com/bug.php?id=3870

https://www.suse.com/support/security/

http://www.ubuntulinux.org/usn/usn-109-1

http://bugs.mysql.com/bug.php?id=3933

Plugin Details

Severity: Medium

ID: 15477

File Name: mysql_multiple_flaws3.nasl

Version: 1.25

Type: remote

Family: Databases

Published: 2004/10/17

Updated: 2018/11/15

Dependencies: 10719, 91823

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/05/29

Reference Information

CVE: CVE-2004-0957, CVE-2004-0956

BID: 11435, 11432

DSA: 707

GLSA: 200410-22

RHSA: 2004:611