Lucene search
This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_4_1_13A_OR_5_0_11.NASLHistoryJan 18, 2012 - 12:00 a.m.
MySQL < 4.1.13a / 5.0.11 Zlib Library Buffer Overflow
2012-01-1800:00:00
This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.084
Percentile
94.5%
The version of MySQL installed on the remote host is older than 4.1.13a or 5.0.11 and as such, may have been linked with zlib 1.2.2.
On operating systems where the MySQL binaries are statically linked (mainly Windows and HP-UX), a remote attacker could crash the server by triggering a buffer overflow in zlib.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(17828);
script_version("1.5");
script_cvs_date("Date: 2018/07/16 14:09:12");
script_cve_id("CVE-2005-1849");
script_bugtraq_id(14340);
script_name(english:"MySQL < 4.1.13a / 5.0.11 Zlib Library Buffer Overflow");
script_summary(english:"Checks version of MySQL server");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is vulnerable to a denial of service
attack.");
script_set_attribute(attribute:"description", value:
"The version of MySQL installed on the remote host is older than
4.1.13a or 5.0.11 and as such, may have been linked with zlib 1.2.2.
On operating systems where the MySQL binaries are statically linked
(mainly Windows and HP-UX), a remote attacker could crash the server
by triggering a buffer overflow in zlib.");
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f319ad90");
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f319ad90");
script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 4.1.13a / 5.0.11 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/07/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mysql_version.nasl", "mysql_login.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/mysql", 3306);
exit(0);
}
include("mysql_version.inc");
mysql_check_version(fixed:make_list('4.1.14', '5.0.11'), severity:SECURITY_WARNING);
Related
openvas
openvas
Gentoo Security Advisory GLSA 200507-19 (zlib)
2008-09-24 00:00:00
Fedora Core 11 FEDORA-2009-10237 (deltarpm)
2009-10-13 00:00:00
FreeBSD Ports: linux_base-suse
2008-09-04 00:00:00
nessus
nessus
Fedora 10 : deltarpm-3.4-11.fc10.1 (2009-10233)
2009-10-09 00:00:00
Fedora 11 : deltarpm-3.4-17.fc11 (2009-10237)
2009-10-09 00:00:00
GLSA-200507-19 : zlib: Buffer overflow
2005-07-22 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: deltarpm-3.4-17.fc11
2009-10-09 03:37:34
[SECURITY] Fedora 11 Update: deltarpm-3.4-18.fc11
2009-10-14 01:41:13
[SECURITY] Fedora 10 Update: deltarpm-3.4-11.fc10.1
2009-10-09 03:44:10
f5
f5
K16990 : zlib 1.2.2 vulnerability CVE-2005-1849
2015-07-20 00:00:00
SOL16990 - zlib 1.2.2 vulnerability CVE-2005-1849
2015-07-20 00:00:00
gentoo
gentoo
Pngcrush: Buffer overflow
2006-03-21 00:00:00
zlib: Buffer overflow
2005-07-22 00:00:00
Compress::Zlib: Buffer overflow
2005-08-01 00:00:00
debiancve
debiancve
CVE-2005-1849
2005-07-26 04:00:00
cvelist
cvelist
CVE-2005-1849
2005-07-26 04:00:00
ubuntucve
ubuntucve
CVE-2005-1849
2005-07-26 00:00:00
debian
debian
[SECURITY] [DSA 763-1] New zlib packages fix buffer overflow
2005-07-21 02:23:53
[SECURITY] [DSA 797-2] Updated zsync i386 packages fix build error
2005-09-29 00:35:02
[SECURITY] [DSA 797-1] New zsync packages fix DOS
2005-09-02 01:52:01
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:18.zlib
2005-07-27 00:00:00
nvd
nvd
CVE-2005-1849
2005-07-26 04:00:00
freebsd
freebsd
zlib -- buffer overflow vulnerability
2005-07-27 00:00:00
cve
cve
CVE-2005-1849
2005-07-26 04:00:00
osv
osv
zsync - buffer overflow
2005-09-01 00:00:00
sash - buffer overflows
2006-04-06 00:00:00
securityvulns
securityvulns
zsync Multiple zlib Vulnerabilities
2005-09-03 00:00:00
ubuntu
ubuntu
zlib vulnerabilities
2005-07-23 00:00:00
zlib vulnerability
2005-07-21 00:00:00
zlib vulnerabilities
2005-10-29 00:00:00
centos
centos
zlib security update
2005-07-21 19:23:28
suse
suse
denial of service in zlib
2005-07-28 15:46:58
redhat
redhat
(RHSA-2005:584) zlib security update
2005-07-21 00:00:00
jvn
jvn
JVN#78689801: BGA32.DLL and QBga32.DLL contain multiple vulnerabilities
2015-05-19 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.084
Percentile
94.5%
Related for MYSQL_4_1_13A_OR_5_0_11.NASL