Detections
Analytics

MySQL < 4.0.21 Multiple Vulnerabilities

medium Nessus Plugin ID 15477

Language:

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

You are running a version of MySQL which is older than version 4.0.21.
Such versions are potentially affected by two flaws :

 - There is an unauthorized database GRANT privilege vulnerability, which may allow an attacker to misuse the GRANT privilege it has been given and to use it against other databases. (CVE-2004-0957)

 - A denial of service vulnerability may be triggered by the misuse of the FULLTEXT search functionality.
 (CVE-2004-0956)

Solution

Upgrade to MySQL 4.0.21 or later, as this reportedly fixes the issue.

See Also

http://bugs.mysql.com/bug.php?id=3870

https://www.suse.com/support/security/

http://www.ubuntulinux.org/usn/usn-109-1

http://bugs.mysql.com/bug.php?id=3933

Plugin Details

Severity: Medium

ID: 15477

File Name: mysql_multiple_flaws3.nasl

Version: 1.25

Type: remote

Family: Databases

Published: 10/17/2004

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/29/2004

Reference Information

CVE: CVE-2004-0956, CVE-2004-0957

BID: 11435, 11432

DSA: 707

GLSA: 200410-22

RHSA: 2004:611