Lucene search
This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_4_0_20.NASLHistoryJan 18, 2012 - 12:00 a.m.
MySQL < 4.0.20 File Overwrite
2012-01-1800:00:00
This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
26.7%
The version of MySQL installed on the remote host is older than 4.0.20. A local attacker could exploit a flaw in mysqlbug to overwite arbitrary files via a symlink attack.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(17823);
script_version("1.8");
script_cvs_date("Date: 2018/11/15 20:50:21");
script_cve_id("CVE-2004-0381");
script_bugtraq_id(9976);
script_name(english:"MySQL < 4.0.20 File Overwrite");
script_summary(english:"Checks version of MySQL server");
script_set_attribute(attribute:"synopsis", value:
"Arbitrary files could be overwritten on the remote server.");
script_set_attribute(attribute:"description", value:
"The version of MySQL installed on the remote host is older than
4.0.20. A local attacker could exploit a flaw in mysqlbug to overwite
arbitrary files via a symlink attack.");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=108206802810402&w=2");
script_set_attribute(attribute:"see_also", value:"http://marc.info/?l=bugtraq&m=108023246916294&w=2");
script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 4.0.20 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mysql_version.nasl", "mysql_login.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/mysql", 3306);
exit(0);
}
include("mysql_version.inc");
mysql_check_version(fixed:'4.0.20', severity:SECURITY_NOTE);
Related
nessus
nessus
FreeBSD : MySQL insecure temporary file creation (mysqlbug) (2e129846-8fbb-11d8-8b29-0020ed76ef5a)
2009-04-23 00:00:00
FreeBSD : MySQL insecure temporary file creation (mysqlbug) (123)
2004-07-06 00:00:00
Mandrake Linux Security Advisory : MySQL (MDKSA-2004:034)
2004-07-31 00:00:00
openvas
openvas
FreeBSD Ports: mysql-client
2008-09-04 00:00:00
FreeBSD Ports: mysql-client
2008-09-04 00:00:00
Debian Security Advisory DSA 483-1 (mysql)
2008-01-17 00:00:00
nvd
nvd
CVE-2004-0381
2004-05-04 04:00:00
cve
cve
CVE-2004-0381
2004-05-04 04:00:00
ubuntucve
ubuntucve
CVE-2004-0381
2004-05-04 00:00:00
cvelist
cvelist
CVE-2004-0381
2004-04-06 04:00:00
freebsd
freebsd
MySQL insecure temporary file creation (mysqlbug)
2004-03-25 00:00:00
gentoo
gentoo
Insecure Temporary File Creation In MySQL
2004-05-25 00:00:00
osv
osv
mysql - insecure temporary file creation
2004-04-14 00:00:00
debian
debian
redhat
redhat
(RHSA-2004:569) mysql security update
2004-10-20 00:00:00
(RHSA-2004:597) mysql security update
2004-10-20 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
26.7%
Related for MYSQL_4_0_20.NASL