Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Databases >> MySQL password handler overflow


Vulnerability Assessment Details

MySQL password handler overflow

Vulnerability Assessment Summary
Checks for the remote MySQL version

Detailed Explanation for this Vulnerability Assessment

You are running a version of MySQL which is
older than version 4.0.15.

If you have not patched this version, then
any attacker who has the credentials to connect to this
server may execute arbitrary code on this host with
the rights of the mysql database by changing his
password with a too long one containing a shell code.


Solution : Upgrade to MySQL 3.0.58 or 4.0.15
Network Security Threat Level: Medium

Networks Security ID: 8590

Vulnerability Assessment Copyright: This script is Copyright (C) 2003-2007 Tenable Network Security

Cables, Connectors

DELL POWEREDGE M910 SERVER TWO E7530 1.86GHZ 128GB 2 X 1.2TB 10K SAS
$2199.0
DELL POWEREDGE M910 SERVER TWO E7530 1.86GHZ 128GB 2 X 1.2TB 10K SAS pictureDELL POWEREDGE M620 BLADE E5-2630LV2 2.40GHZ 192GB 2 X 250GB SATA H310
$1999.0
DELL POWEREDGE M620 BLADE E5-2630LV2 2.40GHZ 192GB 2 X 250GB SATA H310 pictureDELL POWEREDGE R730XD SERVER 12 BAY TWO E5-2670V3 2.3GHZ 768GB 6 X 3TB SAS H730
$12379.0
DELL POWEREDGE R730XD SERVER 12 BAY TWO E5-2670V3 2.3GHZ 768GB 6 X 3TB SAS H730 pictureDELL R720XD SERVER 3.5 E5-2603 1.80GHZ 192GB 4 X 600GB 10K SAS H310
$3519.0
DELL R720XD SERVER 3.5 E5-2603 1.80GHZ 192GB 4 X 600GB 10K SAS H310 picture


Discussions

No Discussions have been posted on this vulnerability.