Lucene search
This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_4_1_13.NASLHistoryJan 18, 2012 - 12:00 a.m.
MySQL < 4.1.13 Denial of Service
2012-01-1800:00:00
This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.001
Percentile
25.6%
The version of MySQL installed on the remote host is older than 4.1.13. On these versions, a local attacker could crash the replication slave via a specific query.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(17825);
script_version("1.5");
script_cvs_date("Date: 2018/11/15 20:50:21");
script_cve_id("CVE-2006-4380");
script_bugtraq_id(19794);
script_name(english:"MySQL < 4.1.13 Denial of Service");
script_summary(english:"Checks version of MySQL server");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is vulnerable to a denial of service
attack.");
script_set_attribute(attribute:"description", value:
"The version of MySQL installed on the remote host is older than
4.1.13. On these versions, a local attacker could crash the
replication slave via a specific query.");
script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=10442");
script_set_attribute(attribute:"see_also", value:"https://lists.mysql.com/internals/26123");
script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 4.1.13 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mysql_version.nasl", "mysql_login.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/mysql", 3306);
exit(0);
}
include("mysql_version.inc");
mysql_check_version(fixed:'4.1.13', severity:SECURITY_NOTE);
Related
ubuntucve
ubuntucve
CVE-2006-4380
2006-08-28 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : MySQL (MDKSA-2006:158)
2006-12-16 00:00:00
Debian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities
2006-10-14 00:00:00
RHEL 4 : mysql (RHSA-2006:0544)
2006-06-11 00:00:00
cve
cve
CVE-2006-4380
2006-08-28 18:04:00
cvelist
cvelist
CVE-2006-4380
2006-08-28 18:00:00
nvd
nvd
CVE-2006-4380
2006-08-28 18:04:00
osv
osv
mysql-dfsg-4.1 - several
2006-09-05 00:00:00
debian
debian
[SECURITY] [DSA 1169-1] New MySQL 4.1 packages fix several vulnerabilities
2006-09-05 06:08:29
securityvulns
securityvulns
[ MDKSA-2006:158 ] - Updated MySQL packages fix DoS vuln, initscript bug
2006-09-01 00:00:00
openvas
openvas
Debian Security Advisory DSA 1169-1 (mysql-dfsg-4.1)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1169)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2006:0544) mysql security update
2006-06-09 00:00:00
centos
centos
mysql security update
2006-06-09 17:37:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.001
Percentile
25.6%
Related for MYSQL_4_1_13.NASL