Summary
The host is running MySQL and is prone to denial of service vulnerabilities.
Impact
Successful exploitation could allow users to cause a denial of service and to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to MySQL version 5.1.51 or 5.5.6
For updates refer to http://dev.mysql.com/downloads
Insight
The flaws are due to:
- Performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
- An error in multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
Affected
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6
References
Severity
Classification
-
CVE CVE-2010-3835, CVE-2010-3839 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
Related Vulnerabilities
- Oracle Database Server Multiple Unspecified Vulnerabilities-02 Jan2014
- Oracle MySQL Multiple Unspecified vulnerabilities - 02 May14 (Windows)
- PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability
- MongoDB BSON Object Information Disclosure Vulnerability
- MySQL Unspecified vulnerability-04 July-2013 (Windows)