FreeBSD Ports: mysql-server

Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades. http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020 http://www.osvdb.org/7475 http://www.osvdb.org/7476 http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html http://www.vuxml.org/freebsd/e5e2883d-ceb9-11d8-8898-000d6111a684.html
Insight
The following package is affected: mysql-server CVE-2004-0627 The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string. CVE-2004-0628 Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.