Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html
http://secunia.com/advisories/12020
http://www.osvdb.org/7475
http://www.osvdb.org/7476
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html http://www.vuxml.org/freebsd/e5e2883d-ceb9-11d8-8898-000d6111a684.html
Insight
The following package is affected: mysql-server
CVE-2004-0627
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
CVE-2004-0628
Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
Severity
Classification
-
CVE CVE-2004-0627, CVE-2004-0628 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities