Lucene search
This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_3_23_56.NASLHistoryJan 18, 2012 - 12:00 a.m.
MySQL < 3.23.56 Writable Configuration Files
2012-01-1800:00:00
This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
The version of MySQL installed on the remote host is older than 3.23.56. As such, it reportedly creates world-writeable files. By restarting the MySQL daemon under root ID, a local attacker could gain root privileges.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(17820);
script_version("1.7");
script_cvs_date("Date: 2018/11/15 20:50:21");
script_cve_id("CVE-2003-0150");
script_bugtraq_id(7052);
script_xref(name:"CERT", value:"203897");
script_name(english:"MySQL < 3.23.56 Writable Configuration Files");
script_summary(english:"Checks version of MySQL Server");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a privilege escalation vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of MySQL installed on the remote host is older than
3.23.56. As such, it reportedly creates world-writeable files. By
restarting the MySQL daemon under root ID, a local attacker could gain
root privileges.");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=104802285012750&w=2");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=104739810523433&w=2");
script_set_attribute(attribute:"see_also", value:"http://marc.info/?l=bugtraq&m=104715840202315&w=2");
script_set_attribute(attribute:"solution", value:"Upgrade to MySQL 3.23.56 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mysql_version.nasl", "mysql_login.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/mysql", 3306);
exit(0);
}
include("mysql_version.inc");
mysql_check_version(fixed:'3.23.56', severity:SECURITY_HOLE);
Related
nessus
nessus
MySQL datadir/my.cnf Modification Privilege Escalation
2003-03-14 00:00:00
Mandrake Linux Security Advisory : MySQL (MDKSA-2003:057)
2004-07-31 00:00:00
RHEL 2.1 : mysql (RHSA-2003:094)
2004-07-06 00:00:00
cert
cert
MySQL allows default user to be changed to root via custom "my.cnf" file
2003-03-18 00:00:00
cve
cve
CVE-2003-0150
2003-03-24 05:00:00
openvas
openvas
MySQL < 3.23.56 'mysqld' Privilege Escalation Vulnerability
2005-11-03 00:00:00
Debian Security Advisory DSA 303-1 (mysql)
2008-01-17 00:00:00
Debian Security Advisory DSA 303-1 (mysql)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA-303-1] New mysql packages fix multiple vulnerabilities
2003-05-16 00:13:30
redhat
redhat
(RHSA-2003:094) mysql security update
2003-04-28 00:00:00
osv
osv
mysql - privilege escalation
2003-05-15 00:00:00
packetstorm
packetstorm
MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution
2016-09-12 00:00:00
seebug
seebug
MySQL <= 5.7.15 remote Root code execution vulnerability
2016-09-13 00:00:00
Related for MYSQL_3_23_56.NASL