Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:097: MySQL Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the MySQL package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:097 (MySQL).
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x
before 5.0.22 allows context-dependent attackers to execute arbitrary
SQL commands via crafted multibyte encodings in character sets such as
SJIS, BIG5, and GBK, which are not properly handled when the
mysql_real_escape function is used to escape the input.
MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue.
Packages have been patched to correct this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:097
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.