Summary
The host is running MySQL and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation could allow an attacker to cause a denial of service and to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to MySQL version 5.0.92, or 5.1.51 or 5.5.6 For updates refer to http://dev.mysql.com/downloads
Insight
The flaws are due to:
- An error in propagating the type errors, which allows remote attackers to cause a denial of service via crafted arguments to extreme-value functions such as 'LEAST' or 'GREATEST'.
- An unspecified error in vectors related to materializing a derived table that required a temporary table for grouping and user variable assignments.
- An error in handling prepared statements that uses GROUP_CONCAT with the WITH ROLLUP modifier.
- An error in handling a query that uses the GREATEST or LEAST function with a mixed list of numeric and LONGBLOB arguments.
Affected
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6
References
Severity
Classification
-
CVE CVE-2010-3833, CVE-2010-3834, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Win)
- MongoDB engine_v8 Denial of Service Vulnerability
- Oracle MySQL Multiple Unspecified vulnerabilities-02 Feb15 (Windows)
- Oracle MySQL Multiple Unspecified vulnerabilities-01 July14 (Windows)
- Oracle MySQL Multiple Unspecified vulnerabilities - 02 Jan14 (Windows)