Summary
The host is running MySQL and is prone to denial of service vulnerabilities.
Impact
Successful exploitation could allow users to cause a denial of service and to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to MySQL version 5.1.51 or 5.5.6
For updates refer to http://dev.mysql.com/downloads
Insight
The flaws are due to:
- Performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
- An error in multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
Affected
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6
References
Severity
Classification
-
CVE CVE-2010-3835, CVE-2010-3839 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
Related Vulnerabilities
- MySQL mysqlhotcopy script insecure temporary file
- Oracle Database Server Multiple Components Multiple Vulnerabilities
- Oracle MySQL Server Multiple Vulnerabilities-04 Nov12 (Windows)
- Oracle MySQL Server Multiple Vulnerabilities-02 Nov12 (Windows)
- IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Linux)