Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2003:013: MYSQL Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the MYSQL package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2003:013 (MYSQL).
Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS
vulnerability in the recently released 3.23.55 version of MySQL. A double free()
pointer bug in the mysql_change_user() handling would allow a specially hacked
mysql client to crash the main mysqld server. This vulnerability can only be
exploited by first logging in with a valid user account.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:013
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.