Sid 1-3130

Message

PUA-OTHER Microsoft MSN Messenger png overflow

Summary

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

Impact

  • CVSS base score: 6.8
  • CVSS impact score: 6.4
  • CVSS exploitability score: 8.6
  • confidentialityImpact: PARTIAL
  • integrityImpact: PARTIAL
  • availabilityImpact: PARTIAL

Detailed information

Affected systems

  • mysql mysql 3.20
  • mysql mysql 3.20.32a
  • mysql mysql 3.21
  • mysql mysql 3.22
  • mysql mysql 3.22.26
  • mysql mysql 3.22.27
  • mysql mysql 3.22.28
  • mysql mysql 3.22.29
  • mysql mysql 3.22.30
  • mysql mysql 3.22.32
  • mysql mysql 3.23
  • mysql mysql 3.23.2
  • mysql mysql 3.23.3
  • mysql mysql 3.23.4
  • mysql mysql 3.23.5
  • mysql mysql 3.23.8
  • mysql mysql 3.23.9
  • mysql mysql 3.23.10
  • mysql mysql 3.23.22
  • mysql mysql 3.23.23
  • mysql mysql 3.23.24
  • mysql mysql 3.23.25
  • mysql mysql 3.23.26
  • mysql mysql 3.23.27
  • mysql mysql 3.23.28
  • mysql mysql 3.23.29
  • mysql mysql 3.23.30
  • mysql mysql 3.23.31
  • mysql mysql 3.23.32
  • mysql mysql 3.23.33
  • mysql mysql 3.23.34
  • mysql mysql 3.23.36
  • mysql mysql 3.23.37
  • mysql mysql 3.23.38
  • mysql mysql 3.23.39
  • mysql mysql 3.23.40
  • mysql mysql 3.23.41
  • mysql mysql 3.23.42
  • mysql mysql 3.23.43
  • mysql mysql 3.23.44
  • mysql mysql 3.23.45
  • mysql mysql 3.23.46
  • mysql mysql 3.23.47
  • mysql mysql 3.23.48
  • mysql mysql 3.23.49
  • mysql mysql 3.23.50
  • mysql mysql 3.23.51
  • mysql mysql 3.23.52
  • mysql mysql 3.23.53
  • mysql mysql 3.23.53a
  • mysql mysql 3.23.54
  • mysql mysql 3.23.54a
  • mysql mysql 3.23.55
  • mysql mysql 3.23.56
  • mysql mysql 3.23.58
  • mysql mysql 3.23.59
  • mysql mysql 4.0.0
  • mysql mysql 4.0.1
  • mysql mysql 4.0.2
  • mysql mysql 4.0.3
  • mysql mysql 4.0.4
  • mysql mysql 4.0.5
  • mysql mysql 4.0.5a
  • mysql mysql 4.0.6
  • mysql mysql 4.0.7
  • mysql mysql 4.0.8
  • mysql mysql 4.0.9
  • mysql mysql 4.0.10
  • mysql mysql 4.0.11
  • mysql mysql 4.0.12
  • mysql mysql 4.0.13
  • mysql mysql 4.0.14
  • mysql mysql 4.0.15
  • mysql mysql 4.0.18
  • mysql mysql 4.0.20
  • openpkg openpkg 2.1
  • openpkg openpkg 2.2
  • openpkg openpkg current
  • redhat enterprise_linux 3.0
  • redhat enterprise_linux_desktop 3.0
  • suse suse_linux 8.0
  • suse suse_linux 8.1
  • suse suse_linux 8.2
  • suse suse_linux 9.0
  • suse suse_linux 9.1
  • suse suse_linux 9.2
  • trustix secure_linux 1.5
  • trustix secure_linux 2.0
  • trustix secure_linux 2.1
  • ubuntu ubuntu_linux 4.1

Ease of attack

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References

  • technet.microsoft.com/en-us/security/bulletin/MS05-009