Summary
MySQL < 5.1.47 is prone to multiple vulnerabilities.
1. A remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the application to end up in a locked server state, denying service to legitimate users.
2. A security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and to read and delete content from the affected database. Other attacks may also be possible.
Versions prior to MySQL 5.1.47 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2010-1848, CVE-2010-1849
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- MySQL Authentication Error Message User Enumeration Vulnerability
- Oracle MySQL Multiple Unspecified vulnerabilities - 01 May14 (Windows)
- PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)
- IBM DB2 Client Interfaces component Unspecified Vulnerabilities (Win)
- IBM DB2 DML Statement Execution Remote Privilege Escalation Vulnerability