Vulnerabilities > CVE-2003-0780
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
Vulnerable Configurations
Exploit-Db
description MySQL 3.23.x/4.0.x Password Handler Buffer Overflow Vulnerability. CVE-2003-0780. Dos exploit for linux platform id EDB-ID:23138 last seen 2016-02-02 modified 2003-09-10 published 2003-09-10 reporter Frank DENIS source https://www.exploit-db.com/download/23138/ title MySQL 3.23.x/4.0.x Password Handler Buffer Overflow Vulnerability description MySQL 3.23.x/4.0.x Remote Exploit. CVE-2003-0780. Remote exploit for linux platform id EDB-ID:98 last seen 2016-01-31 modified 2003-09-14 published 2003-09-14 reporter bkbll source https://www.exploit-db.com/download/98/ title MySQL 3.23.x/4.0.x - Remote Exploit
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-282.NASL description Updated MySQL server packages fix a buffer overflow vulnerability. MySQL is a multi-user, multi-threaded SQL database server. Frank Denis reported a bug in unpatched versions of MySQL prior to version 3.23.58. Passwords for MySQL users are stored in the Password field of the user table. Under this bug, a Password field with a value greater than 16 characters can cause a buffer overflow. It may be possible for an attacker with the ability to modify the user table to exploit this buffer overflow to execute arbitrary code as the MySQL user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0780 to this issue. Users of MySQL are advised to upgrade to these erratum packages containing MySQL 3.23.58, which is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 15652 published 2004-11-10 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15652 title RHEL 2.1 : mysql (RHSA-2003:282) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:282. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(15652); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2003-0780"); script_xref(name:"RHSA", value:"2003:282"); script_name(english:"RHEL 2.1 : mysql (RHSA-2003:282)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated MySQL server packages fix a buffer overflow vulnerability. MySQL is a multi-user, multi-threaded SQL database server. Frank Denis reported a bug in unpatched versions of MySQL prior to version 3.23.58. Passwords for MySQL users are stored in the Password field of the user table. Under this bug, a Password field with a value greater than 16 characters can cause a buffer overflow. It may be possible for an attacker with the ability to modify the user table to exploit this buffer overflow to execute arbitrary code as the MySQL user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0780 to this issue. Users of MySQL are advised to upgrade to these erratum packages containing MySQL 3.23.58, which is not vulnerable to this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0780" ); # http://www.mysql.com/doc/en/News-3.23.58.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/refman/4.1/en/news-3-23-58.html" ); # http://www.mysql.com/doc/en/News-3.23.57.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/refman/4.1/en/news-3-23-57.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:282" ); script_set_attribute( attribute:"solution", value:"Update the affected mysql, mysql-devel and / or mysql-server packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/22"); script_set_attribute(attribute:"patch_publication_date", value:"2003/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:282"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mysql-3.23.58-1.72")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mysql-devel-3.23.58-1.72")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mysql-server-3.23.58-1.72")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-devel / mysql-server"); } }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-094.NASL description A buffer overflow was discovered in MySQL that could be executed by any user with last seen 2020-06-01 modified 2020-06-02 plugin id 14076 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14076 title Mandrake Linux Security Advisory : MySQL (MDKSA-2003:094) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:094. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14076); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2003-0780"); script_xref(name:"MDKSA", value:"2003:094"); script_name(english:"Mandrake Linux Security Advisory : MySQL (MDKSA-2003:094)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A buffer overflow was discovered in MySQL that could be executed by any user with 'ALTER TABLE' privileges on the 'mysql' database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The 'mysql' database is used by MySQL for internal record keeping and by default only the 'root' user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem." ); # http://web.archive.org/web/20050308183850/http://lists.netsys.com:80/pipermail/full-disclosure/2003-September/009819.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6e5ad47e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-Max"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql10-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql12-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2003/09/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"MySQL-3.23.47-5.5mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"MySQL-bench-3.23.47-5.5mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"MySQL-client-3.23.47-5.5mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libmysql10-3.23.47-5.5mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libmysql10-devel-3.23.47-5.5mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-3.23.56-1.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-Max-3.23.56-1.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-bench-3.23.56-1.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"MySQL-client-3.23.56-1.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libmysql10-3.23.56-1.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libmysql10-devel-3.23.56-1.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-4.0.11a-5.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-Max-4.0.11a-5.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-bench-4.0.11a-5.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-client-4.0.11a-5.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"MySQL-common-4.0.11a-5.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libmysql12-4.0.11a-5.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libmysql12-devel-4.0.11a-5.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-381.NASL description MySQL, a popular relational database system, contains a buffer overflow condition which could be exploited by a user who has permission to execute last seen 2020-06-01 modified 2020-06-02 plugin id 15218 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15218 title Debian DSA-381-1 : mysql - buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-381. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15218); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2003-0780"); script_bugtraq_id(8590); script_xref(name:"DSA", value:"381"); script_name(english:"Debian DSA-381-1 : mysql - buffer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "MySQL, a popular relational database system, contains a buffer overflow condition which could be exploited by a user who has permission to execute 'ALTER TABLE' commands on the tables in the 'mysql' database. If successfully exploited, this vulnerability could allow the attacker to execute arbitrary code with the privileges of the mysqld process (by default, user 'mysql'). Since the 'mysql' database is used for MySQL's internal record keeping, by default the mysql administrator 'root' is the only user with permission to alter its tables." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=210403" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/210403" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2003/dsa-381" ); script_set_attribute( attribute:"solution", value: "For the stable distribution (woody) this problem has been fixed in version 3.23.49-8.5. We recommend that you update your mysql package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2003/09/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"libmysqlclient10", reference:"3.23.49-8.5")) flag++; if (deb_check(release:"3.0", prefix:"libmysqlclient10-dev", reference:"3.23.49-8.5")) flag++; if (deb_check(release:"3.0", prefix:"mysql-client", reference:"3.23.49-8.5")) flag++; if (deb_check(release:"3.0", prefix:"mysql-common", reference:"3.23.49-8.5")) flag++; if (deb_check(release:"3.0", prefix:"mysql-doc", reference:"3.23.49-8.5")) flag++; if (deb_check(release:"3.0", prefix:"mysql-server", reference:"3.23.49-8.5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Databases NASL id MYSQL_PASSWORD_OVERFLOW.NASL description According to its banner, the version of MySQL installed on the remote host fails to validate the length of a user-supplied password in the last seen 2020-06-01 modified 2020-06-02 plugin id 11842 published 2003-09-19 reporter This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/11842 title MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow code # # (C) Tenable Network Security, Inc. # # # Ref: # From: Jedi/Sector One <[email protected]> # To: [email protected] # Subject: Buffer overflow in MySQL # Message-ID: <[email protected]> # include("compat.inc"); if (description) { script_id(11842); script_version("1.32"); script_cvs_date("Date: 2018/11/15 20:50:21"); script_cve_id("CVE-2003-0780"); script_bugtraq_id(8590); script_xref(name:"RHSA", value:"2003:281-01"); script_xref(name:"SuSE", value:"SUSE-SA:2003:042"); script_name(english:"MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow"); script_summary(english:"Checks for the remote MySQL version"); script_set_attribute(attribute:"synopsis", value: "The remote database server is susceptible to a buffer overflow attack."); script_set_attribute(attribute:"description", value: "According to its banner, the version of MySQL installed on the remote host fails to validate the length of a user-supplied password in the 'User' table in the 'get_salt_from_password()' function. Using a specially crafted value for a new password, an authenticated attacker with the 'ALTER DATABASE' privilege may be able to leverage this issue to trigger a buffer overflow and execute arbitrary code subject to the privileges under which the database service runs."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2003/Sep/413"); script_set_attribute(attribute:"see_also", value:"https://lists.mysql.com/announce/168"); script_set_attribute(attribute:"see_also", value:"https://lists.mysql.com/announce/169"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL 3.23.58 / 4.0.15 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/09/19"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/11"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Databases"); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_ports("Services/mysql", 3306); script_require_keys("Settings/ParanoidReport"); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("mysql_func.inc"); # nb: banner checks of open source software are prone to false- # positives so only run the check if reporting is paranoid. if (report_paranoia < 2) exit(1, "This plugin only runs if 'Report paranoia' is set to 'Paranoid'."); port = get_service(svc:"mysql", default:3306, exit_on_fail:TRUE); if (mysql_init(port:port, exit_on_fail:TRUE) == 1) { version = mysql_get_version(); if ( strlen(version) && version =~ "^3\.(([0-9]\..*|(1[0-9]\..*)|(2[0-2]\..*))|23\.([0-4][0-9]|5[0-7])[^0-9])" ) { if (report_verbosity > 0) { report = '\nThe remote MySQL server\'s version is :\n\n '+version+'\n'; datadir = get_kb_item('mysql/' + port + '/datadir'); if (!empty_or_null(datadir)) { report += ' Data Dir : ' + datadir + '\n'; } databases = get_kb_item('mysql/' + port + '/databases'); if (!empty_or_null(databases)) { report += ' Databases :\n' + databases; } security_hole(port:port, extra:report); } else security_hole(port); } } mysql_close();
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009819.html
- http://marc.info/?l=bugtraq&m=106364207129993&w=2
- http://marc.info/?l=bugtraq&m=106381424420775&w=2
- http://secunia.com/advisories/9709
- http://www.debian.org/security/2003/dsa-381
- http://www.kb.cert.org/vuls/id/516492
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:094
- http://www.redhat.com/support/errata/RHSA-2003-281.html
- http://www.redhat.com/support/errata/RHSA-2003-282.html
- http://www.securityfocus.com/archive/1/337012