MySQL 'Gis_line_string::init_from_wkb()' DOS Vulnerability Network Vulnerability

Summary

The host is running MySQL and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow users to cause a denial of service and to execute arbitrary code. Impact Level: Application

Solution

Upgrade to MySQL version 5.1.51 For updates refer to http://dev.mysql.com/downloads

Insight

The flaw is due to an error in 'Gis_line_string::init_from_wkb()' function in 'sql/spatial.cc',allows remote authenticated users to cause a denial of service by calling the PolyFromWKB function with WKB data containing a crafted number of line strings or line points.

Affected

MySQL version 5.1 before 5.1.51

References

http://bugs.mysql.com/bug.php?id=54568
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
http://secunia.com/advisories/42875

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3840
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
Oracle Database 'XML DB component' Unspecified vulnerability
IBM DB2 DML Statement Execution Remote Privilege Escalation Vulnerability
IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability
Oracle Database Server Multiple Components Multiple Vulnerabilities

Take action and discover your vulnerabilities