nessus-plugins/scripts mysql_buff_overflow.nasl,NONE,1.1
Update of /usr/local/cvs/nessus-plugins/scripts
In directory raccoon.nessus.org:/tmp/cvs-serv36087
Added Files:
mysql_buff_overflow.nasl
Log Message:
mysql
--- NEW FILE: mysql_buff_overflow.nasl ---
# This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
# based on work from
# (C) Tenable Network Security
#
# Ref: Lukasz Wojtow
#
# Registration block: runs only when `description` is set, records the
# plugin metadata and exits before the detection code further down.
if (description)
{
  # Localised strings, gathered up front; the registration calls follow
  # in their original order.
  name["english"] = "MySQL buffer overflow";

  desc["english"] = "
You are running a version of MySQL which is older than 4.0.21
MySQL is a database which runs on both Linux/BSD and Windows platform.
This version is vulnerable to a length overflow within it's
mysql_real_connect() function. The overflow is due to an error in the
processing of a return Domain (DNS) record. An attacker, exploiting
this flaw, would need to control a DNS server which would be queried
by the MySQL server. A successful attack would give the attacker
the ability to execute arbitrary code on the remote machine.
Risk factor : Medium
Solution : Upgrade to the latest version of MySQL 4.0.21 or newer";

  summary["english"]  = "Checks for the remote MySQL version";
  summary["francais"] = "Vérifie la version de MySQL";

  family["english"]  = "Gain a shell remotely";
  family["francais"] = "Obtenir un shell à distance";

  # Identity and advisory reference (Bugtraq ID 10981).
  script_id(14319);
  script_bugtraq_id(10981);
  script_version ("$Revision: 1.1 $");

  # name["francais"] is never assigned in this file, so the French name
  # is passed through unset.
  script_name(english:name["english"], francais:name["francais"]);
  script_description(english:desc["english"]);
  script_summary(english:summary["english"], francais:summary["francais"]);

  script_category(ACT_GATHER_INFO);

  script_copyright(
    english:"This script is Copyright (C) 2004 David Maciejak",
    francais:"Ce script est Copyright (C) 2003 David Maciejak");

  script_family(english:family["english"], francais:family["francais"]);

  # Other plugins and the service/port this check relies on.
  script_dependencie("find_service.nes", "mysql_version.nasl");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}
#
# The script code starts here
#
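include("misc_func.inc");

# MySQL port recorded in the knowledge base; fall back to the default
# port when no service entry exists.
port = get_kb_item("Services/mysql");
if (!port)
  port = 3306;

# Version string for that port. Nothing can be decided without it.
ver = get_mysql_version(port);
if (ver == NULL)
  exit(0);

# Report every release older than 4.0.21, the fixed version named in the
# plugin description.
#
# Two defects in the earlier check are corrected here:
#  - it matched against `r`, a variable that is never assigned, instead
#    of the version held in `ver`, so the comparison never saw the
#    banner;
#  - its pattern was unanchored and accepted only single-digit
#    components for 0.x/3.x and only 4.0.0, 4.0.1x and 4.0.20, so
#    releases such as 3.23.x and 4.0.2 through 4.0.9 went unreported.
#
# The trailing ([^0-9]|$) keeps 4.0.21 and later (4.0.2 followed by
# another digit) from matching.
# NOTE(review): assumes ver begins with the dotted version number, as in
# "4.0.20-standard" - confirm against get_mysql_version().
# NOTE(review): the 4.1.x branch is not evaluated here; confirm against
# the advisory whether it needs its own check.
if (ereg(pattern:"^([0-3]\.|4\.0\.([0-9]|1[0-9]|20)([^0-9]|$))", string:ver))
  security_warning(port);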