NASLDB: MySQL 5.1 < 5.1.18 Multiple Vulnerabilities
General
ID: 25242
Name: MySQL 5.1 < 5.1.18 Multiple Vulnerabilities
Summary: Checks version of MySQL
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: 3306
Family: Databases
Type: Remote
Description
The version of MySQL installed on the remote host is reportedly affected by several issues:
– Evaluation of an ‘IN()’ predicate with a decimal-valued argument causes a service crash.
– A user can rename a table even though he does not have DROP privileges.
– If a stored routine is declared as ‘SQL SECURITY INVOKER’, a user may be able to gain privileges by invoking that routine.
– A user with only ALTER privileges on a partitioned table can discover information about the table that should require SELECT privileges.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2007-2583
OSVDB: –
Bugtraq: 23911
scipID: –
Timeline
Vulnerability Disclosure: 2006/10/26
Patch Release: –
Plugin Release: 2007/05/17
Plugin
Version: 1.13
Filename: mysql_5_1_18.nasl
Filesize: 3448 bytes
MD5 Hash: 58b8a6f289754be97aef535ebaa6b4ae
Identification: –
Require Keys: Settings/ParanoidReport
Dependencies: "mysql_version.nasl"
Copyright: This script is Copyright © 2007-2011 Tenable Network Security, Inc.