Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.14319
Kategorie:Gain a shell remotely
Titel:MySQL buffer overflow
Zusammenfassung:You are running a version of MySQL which is older than 4.0.21.;;MySQL is a database which runs on both Linux/BSD and Windows platform.;This version is vulnerable to a length overflow within it's;mysql_real_connect() function. The overflow is due to an error in the;processing of a return Domain (DNS) record. An attacker, exploiting;this flaw, would need to control a DNS server which would be queried;by the MySQL server. A successful attack would give the attacker;the ability to execute arbitrary code on the remote machine.
Beschreibung:Summary:
You are running a version of MySQL which is older than 4.0.21.

MySQL is a database which runs on both Linux/BSD and Windows platform.
This version is vulnerable to a length overflow within it's
mysql_real_connect() function. The overflow is due to an error in the
processing of a return Domain (DNS) record. An attacker, exploiting
this flaw, would need to control a DNS server which would be queried
by the MySQL server. A successful attack would give the attacker
the ability to execute arbitrary code on the remote machine.

Solution:
Upgrade to the latest version of MySQL 4.0.21 or newer

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 10981
Common Vulnerability Exposure (CVE) ID: CVE-2004-0836
http://www.securityfocus.com/bid/10981
Bugtraq: 20041125 [USN-32-1] mysql vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110140517515735&w=2
Computer Incident Advisory Center Bulletin: P-018
http://www.ciac.org/ciac/bulletins/p-018.shtml
Conectiva Linux advisory: CLA-2004:892
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
Debian Security Information: DSA-562 (Google Search)
http://www.debian.org/security/2004/dsa-562
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
http://www.redhat.com/support/errata/RHSA-2004-597.html
http://www.redhat.com/support/errata/RHSA-2004-611.html
http://secunia.com/advisories/12305/
http://www.trustix.org/errata/2004/0054/
XForce ISS Database: mysql-realconnect-bo(17047)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17047
CopyrightThis script is Copyright (C) 2004 David Maciejak

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.