MySQL 4.1 < 4.1.3 Multiple Vulnerabilities

high Nessus Plugin ID 17691

Synopsis

The remote database service is affected by multiple vulnerabilities.

Description

The version of MySQL 4.1 installed on the remote host is earlier than 4.1.3. Such versions are reportedly affected by multiple vulnerabilities:

- It is possible for a remote attacker to bypass the password authentication mechanism using a specially crafted packet with a zero-length scramble buff string. (CVE-2004-0627)

- The server fails to check the length of a scrambled password used by the 4.1 authentication protocol and sent as part of a client authentication packet, which can result in a stack-based buffer overflow.

Solution

Upgrade to MySQL 4.1.3 or later.

See Also

https://seclists.org/bugtraq/2004/Jul/45

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-3.html

Plugin Details

Severity: High

ID: 17691

File Name: mysql_4_1_3.nasl

Version: 1.11

Type: remote

Family: Databases

Published: 1/7/2011

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/28/2004

Vulnerability Publication Date: 7/1/2004

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2004-0627, CVE-2004-0628

BID: 10654

CERT: 184030, 645326