MySQL Mysqld Multiple Denial Of Service Vulnerabilities Network Vulnerability

Summary

The host is running MySQL and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation could allow users to cause a Denial of Service condution. Impact Level: Application

Solution

Upgrade to MySQL version 5.1.49 or 5.0.92 For updates refer to http://dev.mysql.com/downloads

Insight

The flaws are due to: - An error in handling of a join query that uses a table with a unique SET column. - An error in handling of 'EXPLAIN' with crafted 'SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)' statements.

Affected

MySQL version 5.1 before 5.1.49 and 5.0 before 5.0.92 on all running platform.

References

http://bugs.mysql.com/bug.php?id=54477
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
http://www.openwall.com/lists/oss-security/2010/09/28/10
https://bugzilla.redhat.com/show_bug.cgi?id=628172

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3677, CVE-2010-3682
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

F-PROT AV 'ELF' Header Denial of Service Vulnerability
Adobe Acrobat PDF File Denial Of Service Vulnerability
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux
DB2 DOS
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Windows)

Take action and discover your vulnerabilities