• Services
  • Blog
  • Knowledge Base
  • Contact
our services
  • Application Penetration Testing

    • Username Enumeration
    • iOS Frida Objection Pentesting Cheat Sheet
    • URL Redirection – Attack and Defense
    • Jailbreaking iOS 13 with unc0ver
    • X-Runtime Header Timing Attacks
    • wkhtmltopdf File Inclusion Vulnerability
    • API Mass Assignment Vulnerability
    • Web Server TRACE Enabled
  • AWS Pentesting

    • Protecting S3 buckets using IAM and KMS
    • Misconfigured S3 Bucket
    • S3 Storage Does Not Require Authentication
  • DevOps Security

    • Securing Travis CI
  • Encryption

    • TLS 1.0 Initialization Vector Implementation Information Disclosure Vulnerability
    • OpenSSL ‘ChangeCipherSpec’ (CCS) MiTM Vulnerability
    • Null Ciphers Supported
    • ‘Export Ciphers’ Enabled
  • Network Penetration Testing

    • .NET Handler Enumeration
    • TLS_FALLBACK_SCSV Not Supported
    • PHP Easter Eggs Enabled
    • MySQL Multiple Vulnerabilities
    • Debian Predictable Random Number Generator Weakness
    • Cisco IKE Fragmentation Vulnerability
  • Pentesting Fundamentals

    • Essential Wireshark Skills for Pentesting
    • Testing Cookie Based Session Management
  • Windows Hardening

    • Resolving “Windows NetBIOS / SMB Remote Host Information Disclosure” (2020)
Network Penetration Testing

MySQL Multiple Vulnerabilities

our services

A MySQL server was identified to be using an out of date and vulnerable version of MySQL. The 5.0 release is no longer actively developed and should not be used in production environments. Below shows an example of a version of MySQL identified: $ nc 10.0.0.24 3306
5.0.34-enterprise-nt

For a list of vulnerabilities affecting this version of MySQL please reference the following URL: http://www.cvedetails.com/vulnerability-list/vendor_id-185/product_id-316/version_id-140341/Mysql-Mysql-5.0.34.html

Remediation

Virtue Security recommends that MySQL installations are upgraded to the latest patch level of 5.5 or 5.6 releases. MySQL requires that all installations are upgraded sequentially, so a 5.0 release must be upgraded to 5.1 before it is upgraded to 5.5. Because of this, some servers may need to be upgraded two or three times before a current version is reached. Below is the basic procedure for each iteration: 1. Backup database with the mysqldump command 2. Install the next major release of MySQL 3. Check table integrity with the mysql_upgrade command If a package management system is used to maintain software, packages should be updated and verified. The MySQL version can be obtained at the command line with the following command:

$ mysql --version

If packages were compiled from source or downloaded binaries, updated binaries should be obtained from http://dev.mysql.com/downloads/

For detailed instructions and considerations for upgrading specific versions of MySQL, please reference the following URLs: – Version 5.0 to 5.1

https://dev.mysql.com/doc/refman/5.1/en/upgrading-from-previous-series.html – Version 5.1 to 5.5

https://dev.mysql.com/doc/refman/5.5/en/upgrading-from-previous-series.html – Version 5.5 to 5.6

https://dev.mysql.com/doc/refman/5.6/en/upgrading-from-previous-series.html

← Debian Predictable Random Number Generator Weakness
Null Ciphers Supported →
  • Services
  • Blog
  • Knowledge Base
  • Contact
Looking for a better
penetration test?

Make an appointment with an expert today

    Request a meeting invite? (EDT)

    Contact ASAP3:00 PM Today4:00 PM Today1:00 PM Tomorrow3:00 PM TomorrowOther / Just Send Info