MySQL Denial Of Service and Spoofing Vulnerabilities

Summary
The host is running MySQL and is prone to denial-of-service and spoofing vulnerabilities.
Impact
Successful exploitation could allow users to cause a denial of service and man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate.
Impact Level: Application
Solution
Upgrade to MySQL version 5.0.88 or 5.1.41. For updates, refer to http://dev.mysql.com/downloads
Insight
The flaws are due to:
- mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the 'GeomFromWKB()' function.
- The 'vio_verify_callback()' function in 'viosslfactories.c', when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates.
Affected
MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 on all platforms.
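
A triage check for the affected ranges listed above, as an added example that is not part of the original advisory. The function names and the sample inventory are constructed, and the input is assumed to be version strings as returned by `SELECT VERSION()`.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_IN = {(5, 0): (5, 0, 88), (5, 1): (5, 1, 41)}

# Leading numeric part of a version string; build suffixes ("-log") are ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) as ints, or raise ValueError."""
    match = _VERSION_RE.match(banner)
    if not match:
        raise ValueError("no x.y.z version in %r" % banner)
    return tuple(int(part) for part in match.groups())


def classify(banner):
    """Return 'affected', 'fixed', or 'not_covered' for one version string."""
    version = parse_version(banner)
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        # Branch the advisory does not name: it makes no statement either way.
        return "not_covered"
    # Integer tuples compare numerically, so 5.0.9 sorts before 5.0.88.
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Map host -> status; unparsable strings become 'unknown' for manual review."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = classify(banner)
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hosts and version strings are made up).
SAMPLE = {
    "db01": "5.0.87-community-nt",
    "db02": "5.0.88",
    "db03": "5.1.40-log",
    "db04": "5.1.41-enterprise",
    "db05": "5.5.8",
    "db06": "unrecognised build",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(host, SAMPLE[host], status)
```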