MySQL < 4.0.21 Multiple Vulnerabilities

Medium Nessus Plugin ID 15477


The remote database server is affected by multiple vulnerabilities.


You are running a version of MySQL which is older than version 4.0.21.
Such versions are potentially affected by two flaws:

- There is an unauthorized database GRANT privilege vulnerability, which may allow an attacker to misuse the GRANT privilege they have been given and use it against other databases. (CVE-2004-0957)

- A denial of service vulnerability may be triggered by the misuse of the FULLTEXT search functionality.


Upgrade to MySQL 4.0.21 or later, as this reportedly fixes the issue.

Plugin Details

Severity: Medium

ID: 15477

File Name: mysql_multiple_flaws3.nasl

Version: 1.25

Type: remote

Family: Databases

Published: 2004/10/17

Updated: 2018/11/15

Dependencies: 10719, 91823

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/05/29

Reference Information

CVE: CVE-2004-0957, CVE-2004-0956

BID: 11435, 11432

DSA: 707

GLSA: 200410-22

RHSA: 2004:611