Detections
Analytics

MySQL 5.0 < 5.0.40 Multiple Vulnerabilities

medium Nessus Plugin ID 17832

Language:

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

The version of MySQL installed on the remote host is reportedly affected by several issues :

 - Evaluation of an 'IN()' predicate with a decimal-valued argument causes a service crash.

 - A remote, authenticated user can gain privileges.

Solution

Upgrade to MySQL version 5.0.40 or later.

See Also

https://bugs.mysql.com/bug.php?id=27337

https://lists.mysql.com/commits/23685

http://bugs.mysql.com/bug.php?id=27513

Plugin Details

Severity: Medium

ID: 17832

File Name: mysql_5_0_40.nasl

Version: 1.10

Type: remote

Family: Databases

Published: 1/18/2012

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Frictionless Assessment Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/10/2007

Reference Information

CVE: CVE-2007-2583, CVE-2007-2692

BID: 23911, 24011

CWE: 189