ID CVE-2009-4019
Summary mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
References
Vulnerable Configurations
  • MySQL 5.0
    cpe:2.3:a:mysql:mysql:5.0
  • MySQL MySQL 5.0.0
    cpe:2.3:a:mysql:mysql:5.0.0
  • MySQL MySQL 5.0.0 alpha
    cpe:2.3:a:mysql:mysql:5.0.0:alpha
  • MySQL MySQL 5.0.0.0
    cpe:2.3:a:mysql:mysql:5.0.0.0
  • MySQL MySQL 5.0.1
    cpe:2.3:a:mysql:mysql:5.0.1
  • MySQL MySQL 5.0.1a
    cpe:2.3:a:mysql:mysql:5.0.1a
  • MySQL MySQL 5.0.2
    cpe:2.3:a:mysql:mysql:5.0.2
  • MySQL MySQL 5.0.3
    cpe:2.3:a:mysql:mysql:5.0.3
  • MySQL MySQL 5.0.3 Beta
    cpe:2.3:a:mysql:mysql:5.0.3:beta
  • MySQL MySQL 5.0.3a
    cpe:2.3:a:mysql:mysql:5.0.3a
  • MySQL MySQL 5.0.4
    cpe:2.3:a:mysql:mysql:5.0.4
  • MySQL MySQL 5.0.4a
    cpe:2.3:a:mysql:mysql:5.0.4a
  • MySQL MySQL 5.0.5
    cpe:2.3:a:mysql:mysql:5.0.5
  • MySQL 5.0.5.0.21
    cpe:2.3:a:mysql:mysql:5.0.5.0.21
  • MySQL MySQL 5.0.6
    cpe:2.3:a:mysql:mysql:5.0.6
  • MySQL MySQL 5.0.7
    cpe:2.3:a:mysql:mysql:5.0.7
  • MySQL MySQL 5.0.8
    cpe:2.3:a:mysql:mysql:5.0.8
  • MySQL MySQL 5.0.10
    cpe:2.3:a:mysql:mysql:5.0.10
  • MySQL MySQL 5.0.10a
    cpe:2.3:a:mysql:mysql:5.0.10a
  • MySQL MySQL 5.0.11
    cpe:2.3:a:mysql:mysql:5.0.11
  • MySQL MySQL 5.0.12
    cpe:2.3:a:mysql:mysql:5.0.12
  • MySQL MySQL 5.0.13
    cpe:2.3:a:mysql:mysql:5.0.13
  • MySQL MySQL 5.0.14
    cpe:2.3:a:mysql:mysql:5.0.14
  • MySQL MySQL 5.0.15
    cpe:2.3:a:mysql:mysql:5.0.15
  • MySQL MySQL 5.0.15a
    cpe:2.3:a:mysql:mysql:5.0.15a
  • MySQL MySQL 5.0.16
    cpe:2.3:a:mysql:mysql:5.0.16
  • MySQL MySQL 5.0.16a
    cpe:2.3:a:mysql:mysql:5.0.16a
  • MySQL MySQL 5.0.17
    cpe:2.3:a:mysql:mysql:5.0.17
  • MySQL MySQL 5.0.17a
    cpe:2.3:a:mysql:mysql:5.0.17a
  • MySQL MySQL 5.0.18
    cpe:2.3:a:mysql:mysql:5.0.18
  • MySQL MySQL 5.0.19
    cpe:2.3:a:mysql:mysql:5.0.19
  • MySQL MySQL 5.0.20
    cpe:2.3:a:mysql:mysql:5.0.20
  • MySQL MySQL 5.0.20a
    cpe:2.3:a:mysql:mysql:5.0.20a
  • MySQL MySQL 5.0.21
    cpe:2.3:a:mysql:mysql:5.0.21
  • MySQL MySQL 5.0.22
    cpe:2.3:a:mysql:mysql:5.0.22
  • MySQL 5.0.22.1.0.1
    cpe:2.3:a:mysql:mysql:5.0.22.1.0.1
  • MySQL 5.0.23
    cpe:2.3:a:mysql:mysql:5.0.23
  • MySQL MySQL 5.0.24
    cpe:2.3:a:mysql:mysql:5.0.24
  • MySQL 5.0.24a
    cpe:2.3:a:mysql:mysql:5.0.24a
  • MySQL 5.0.25
    cpe:2.3:a:mysql:mysql:5.0.25
  • MySQL 5.0.26
    cpe:2.3:a:mysql:mysql:5.0.26
  • MySQL MySQL 5.0.27
    cpe:2.3:a:mysql:mysql:5.0.27
  • MySQL 5.0.30
    cpe:2.3:a:mysql:mysql:5.0.30
  • MySQL 5.0.30 Service Pack 1
    cpe:2.3:a:mysql:mysql:5.0.30:sp1
  • MySQL 5.0.32
    cpe:2.3:a:mysql:mysql:5.0.32
  • MySQL MySQL 5.0.33
    cpe:2.3:a:mysql:mysql:5.0.33
  • MySQL 5.0.36
    cpe:2.3:a:mysql:mysql:5.0.36
  • MySQL MySQL 5.0.37
    cpe:2.3:a:mysql:mysql:5.0.37
  • MySQL 5.0.38
    cpe:2.3:a:mysql:mysql:5.0.38
  • MySQL 5.0.41
    cpe:2.3:a:mysql:mysql:5.0.41
  • MySQL 5.0.42
    cpe:2.3:a:mysql:mysql:5.0.42
  • MySQL 5.0.44
    cpe:2.3:a:mysql:mysql:5.0.44
  • MySQL 5.0.45
    cpe:2.3:a:mysql:mysql:5.0.45
  • MySQL 5.0.50
    cpe:2.3:a:mysql:mysql:5.0.50
  • MySQL 5.0.51
    cpe:2.3:a:mysql:mysql:5.0.51
  • MySQL 5.0.51a
    cpe:2.3:a:mysql:mysql:5.0.51a
  • MySQL 5.0.51b
    cpe:2.3:a:mysql:mysql:5.0.51b
  • MySQL 5.0.52
    cpe:2.3:a:mysql:mysql:5.0.52
  • MySQL 5.0.54
    cpe:2.3:a:mysql:mysql:5.0.54
  • MySQL 5.0.56
    cpe:2.3:a:mysql:mysql:5.0.56
  • MySQL 5.0.60
    cpe:2.3:a:mysql:mysql:5.0.60
  • MySQL 5.0.66
    cpe:2.3:a:mysql:mysql:5.0.66
  • MySQL 5.0.75
    cpe:2.3:a:mysql:mysql:5.0.75
  • MySQL 5.0.77
    cpe:2.3:a:mysql:mysql:5.0.77
  • MySQL 5.0.81
    cpe:2.3:a:mysql:mysql:5.0.81
  • MySQL 5.0.82
    cpe:2.3:a:mysql:mysql:5.0.82
  • MySQL 5.0.83
    cpe:2.3:a:mysql:mysql:5.0.83
  • MySQL 5.1
    cpe:2.3:a:mysql:mysql:5.1
  • MySQL 5.1.1
    cpe:2.3:a:mysql:mysql:5.1.1
  • MySQL 5.1.2
    cpe:2.3:a:mysql:mysql:5.1.2
  • MySQL 5.1.3
    cpe:2.3:a:mysql:mysql:5.1.3
  • MySQL 5.1.4
    cpe:2.3:a:mysql:mysql:5.1.4
  • MySQL 5.1.5
    cpe:2.3:a:mysql:mysql:5.1.5
  • MySQL 5.1.5a
    cpe:2.3:a:mysql:mysql:5.1.5a
  • MySQL 5.1.6
    cpe:2.3:a:mysql:mysql:5.1.6
  • MySQL 5.1.7
    cpe:2.3:a:mysql:mysql:5.1.7
  • MySQL 5.1.8
    cpe:2.3:a:mysql:mysql:5.1.8
  • MySQL 5.1.9
    cpe:2.3:a:mysql:mysql:5.1.9
  • MySQL 5.1.10
    cpe:2.3:a:mysql:mysql:5.1.10
  • MySQL 5.1.11
    cpe:2.3:a:mysql:mysql:5.1.11
  • MySQL 5.1.12
    cpe:2.3:a:mysql:mysql:5.1.12
  • MySQL 5.1.13
    cpe:2.3:a:mysql:mysql:5.1.13
  • MySQL 5.1.14
    cpe:2.3:a:mysql:mysql:5.1.14
  • MySQL 5.1.15
    cpe:2.3:a:mysql:mysql:5.1.15
  • MySQL 5.1.16
    cpe:2.3:a:mysql:mysql:5.1.16
  • MySQL 5.1.17
    cpe:2.3:a:mysql:mysql:5.1.17
  • MySQL 5.1.18
    cpe:2.3:a:mysql:mysql:5.1.18
  • MySQL 5.1.19
    cpe:2.3:a:mysql:mysql:5.1.19
  • MySQL 5.1.20
    cpe:2.3:a:mysql:mysql:5.1.20
  • MySQL 5.1.21
    cpe:2.3:a:mysql:mysql:5.1.21
  • MySQL 5.1.22
    cpe:2.3:a:mysql:mysql:5.1.22
  • MySQL 5.1.23
    cpe:2.3:a:mysql:mysql:5.1.23
  • MySQL 5.1.23_bk
    cpe:2.3:a:mysql:mysql:5.1.23_bk
  • MySQL 5.1.23a
    cpe:2.3:a:mysql:mysql:5.1.23a
  • MySQL 5.1.30
    cpe:2.3:a:mysql:mysql:5.1.30
  • MySQL 5.1.32-bzr
    cpe:2.3:a:mysql:mysql:5.1.32-bzr
CVSS
Base: 4.0 (as of 01-12-2009 - 08:29)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE_INSTANCE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
exploit-db via4
  • description MySQL 6.0.9 GeomFromWKB() Function First Argument Geometry Value Handling DoS. CVE-2009-4019. DoS exploit for the Linux platform
    id EDB-ID:33398
    last seen 2016-02-03
    modified 2009-11-23
    published 2009-11-23
    reporter Shane Bester
    source https://www.exploit-db.com/download/33398/
    title MySQL <= 6.0.9 GeomFromWKB Function First Argument Geometry Value Handling DoS
  • description MySQL 6.0.9 SELECT Statement WHERE Clause Sub-query DoS. CVE-2009-4019. DoS exploit for the Linux platform
    id EDB-ID:33397
    last seen 2016-02-03
    modified 2009-11-23
    published 2009-11-23
    reporter Shane Bester
    source https://www.exploit-db.com/download/33397/
    title MySQL <= 6.0.9 SELECT Statement WHERE Clause Sub-query DoS
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1397-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58325
    published 2012-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58325
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-12180.NASL
    description See http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 43113
    published 2009-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43113
    title Fedora 10 : mysql-5.0.88-1.fc10 (2009-12180)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-13466.NASL
    description - Update to MySQL 5.1.41, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html including security fixes - Stop waiting during 'service mysqld start' if mysqld_safe exits Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 43374
    published 2009-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43374
    title Fedora 12 : mysql-5.1.41-2.fc12 (2009-13466)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-012.NASL
    description Multiple vulnerabilities have been found and corrected in mysql : mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement (CVE-2009-4019). The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library (CVE-2009-4028). MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079 (CVE-2009-4030). The updated packages have been patched to correct these issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded to the latest stable 5.1 release (5.1.42).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48166
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48166
    title Mandriva Linux Security Advisory : mysql (MDVSA-2010:012)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201201-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201201-02 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the MySQL process, cause a Denial of Service condition, bypass security restrictions, uninstall arbitrary MySQL plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 57446
    published 2012-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57446
    title GLSA-201201-02 : MySQL: Multiple vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_3.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products : - AFP Server - Apache - CoreAudio - CoreMedia - CoreTypes - CUPS - DesktopServices - Disk Images - Directory Services - Dovecot - Event Monitor - FreeRADIUS - FTP Server - iChat Server - ImageIO - Image RAW - Libsystem - Mail - MySQL - OS Services - Password Server - PHP - Podcast Producer - Preferences - PS Normalizer - QuickTime - Ruby - Server Admin - SMB - Tomcat - Wiki Server - X11
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 45372
    published 2010-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45372
    title Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0109.NASL
    description From Red Hat Security Advisory 2010:0109 : Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. It was discovered that the MySQL client ignored certain SSL certificate verification errors when connecting to servers. A man-in-the-middle attacker could use this flaw to trick MySQL clients into connecting to a spoofed MySQL server. (CVE-2009-4028) Note: This fix may uncover previously hidden SSL configuration issues, such as incorrect CA certificates being used by clients or expired server certificates. This update should be carefully tested in deployments where SSL connections are used. A flaw was found in the way MySQL handled SELECT statements with subqueries in the WHERE clause, that assigned results to a user variable. A remote, authenticated attacker could use this flaw to crash the MySQL server daemon (mysqld). This issue only caused a temporary denial of service, as the MySQL daemon was automatically restarted after the crash. (CVE-2009-4019) When the 'datadir' option was configured with a relative path, MySQL did not properly check paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. An authenticated attacker could use this flaw to bypass the restriction preventing the use of subdirectories of the MySQL data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths. (CVE-2009-4030) Note: Due to the security risks and previous security issues related to the use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not depending on this feature should consider disabling it by adding 'symbolic-links=0' to the '[mysqld]' section of the 'my.cnf' configuration file. In this update, an example of such a configuration was added to the default 'my.cnf' file. All MySQL users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67997
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67997
    title Oracle Linux 5 : mysql (ELSA-2010-0109)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBMYSQLCLIENT-DEVEL-100401.NASL
    description Updated mysql packages fix the following bugs : - upstream #47320 - checking server certificates (CVE-2009-4028) - upstream #48291 - error handling in subqueries (CVE-2009-4019) - upstream #47780 - preserving null_value flag in GeomFromWKB() (CVE-2009-4019) - upstream #39277 - symlink behaviour fixed (CVE-2008-7247) - upstream #32167 - symlink behaviour refixed (CVE-2009-4030)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46235
    published 2010-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46235
    title openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBMYSQLCLIENT-DEVEL-100429.NASL
    description Updated MySQL packages fix the following bugs : - upstream #47320 - checking server certificates. (CVE-2009-4028) - upstream #48291 - error handling in subqueries. (CVE-2009-4019) - upstream #47780 - preserving null_value flag in GeomFromWKB(). (CVE-2009-4019) - upstream #39277 - symlink behaviour fixed. (CVE-2008-7247) - upstream #32167 - symlink behaviour refixed (CVE-2009-4030)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 50935
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50935
    title SuSE 11 Security Update : MySQL (SAT Patch Number 2317)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBMYSQLCLIENT-DEVEL-091216.NASL
    description This update fixes several security issues in mysql : - checking server certificates (CVE-2009-4028) - error handling in subqueries (CVE-2009-4019) - preserving null_value flag in GeomFromWKB (CVE-2009-4019) - symlink behavior fixed (CVE-2008-7247) - symlink behavior refixed (CVE-2009-4030)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46218
    published 2010-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46218
    title openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-897-1.NASL
    description It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This issue only affected Ubuntu 8.10. (CVE-2008-4098) It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. An attacker could place arbitrary web script or html in a database cell, which would then get placed in the html document output by the command-line tool. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2008-4456) It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use symlinks combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This issue only affected Ubuntu 9.10. (CVE-2008-7247) It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. An authenticated user could use specially crafted database names to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2446) It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2009-4019) It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks to create tables that pointed to tables known to be created at a later time, bypassing access restrictions. (CVE-2009-4030) It was discovered that MySQL contained a buffer overflow when parsing ssl certificates. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 LTS and the default compiler options for affected releases should reduce the vulnerability to a denial of service. In the default installation, attackers would also be isolated by the AppArmor MySQL profile. (CVE-2009-4484). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44585
    published 2010-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44585
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-897-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1997.NASL
    description Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4019 Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. - CVE-2009-4030 Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory. - CVE-2009-4484 Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44861
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44861
    title Debian DSA-1997-1 : mysql-dfsg-5.0 - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0109.NASL
    description Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. It was discovered that the MySQL client ignored certain SSL certificate verification errors when connecting to servers. A man-in-the-middle attacker could use this flaw to trick MySQL clients into connecting to a spoofed MySQL server. (CVE-2009-4028) Note: This fix may uncover previously hidden SSL configuration issues, such as incorrect CA certificates being used by clients or expired server certificates. This update should be carefully tested in deployments where SSL connections are used. A flaw was found in the way MySQL handled SELECT statements with subqueries in the WHERE clause, that assigned results to a user variable. A remote, authenticated attacker could use this flaw to crash the MySQL server daemon (mysqld). This issue only caused a temporary denial of service, as the MySQL daemon was automatically restarted after the crash. (CVE-2009-4019) When the 'datadir' option was configured with a relative path, MySQL did not properly check paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. An authenticated attacker could use this flaw to bypass the restriction preventing the use of subdirectories of the MySQL data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths. (CVE-2009-4030) Note: Due to the security risks and previous security issues related to the use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not depending on this feature should consider disabling it by adding 'symbolic-links=0' to the '[mysqld]' section of the 'my.cnf' configuration file. In this update, an example of such a configuration was added to the default 'my.cnf' file. All MySQL users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44948
    published 2010-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44948
    title CentOS 5 : mysql (CESA-2010:0109)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBMYSQLCLIENT-DEVEL-091216.NASL
    description This update fixes several security issues in mysql : - checking server certificates (CVE-2009-4028) - error handling in subqueries (CVE-2009-4019) - preserving null_value flag in GeomFromWKB (CVE-2009-4019) - symlink behavior fixed (CVE-2008-7247) - symlink behavior refixed (CVE-2009-4030)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46219
    published 2010-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46219
    title openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0109.NASL
    description Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. It was discovered that the MySQL client ignored certain SSL certificate verification errors when connecting to servers. A man-in-the-middle attacker could use this flaw to trick MySQL clients into connecting to a spoofed MySQL server. (CVE-2009-4028) Note: This fix may uncover previously hidden SSL configuration issues, such as incorrect CA certificates being used by clients or expired server certificates. This update should be carefully tested in deployments where SSL connections are used. A flaw was found in the way MySQL handled SELECT statements with subqueries in the WHERE clause, that assigned results to a user variable. A remote, authenticated attacker could use this flaw to crash the MySQL server daemon (mysqld). This issue only caused a temporary denial of service, as the MySQL daemon was automatically restarted after the crash. (CVE-2009-4019) When the 'datadir' option was configured with a relative path, MySQL did not properly check paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. An authenticated attacker could use this flaw to bypass the restriction preventing the use of subdirectories of the MySQL data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths. (CVE-2009-4030) Note: Due to the security risks and previous security issues related to the use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not depending on this feature should consider disabling it by adding 'symbolic-links=0' to the '[mysqld]' section of the 'my.cnf' configuration file. In this update, an example of such a configuration was added to the default 'my.cnf' file. All MySQL users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44634
    published 2010-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44634
    title RHEL 5 : mysql (RHSA-2010:0109)
  • NASL family Databases
    NASL id MYSQL_5_0_88.NASL
    description The version of MySQL 5.0 installed on the remote host is earlier than 5.0.88. It is, therefore, potentially affected by the following vulnerabilities : - MySQL clients linked against OpenSSL are vulnerable to man-in-the-middle attacks. (Bug #47320) - The GeomFromWKB() function can be manipulated to cause a denial of service. (Bug #47780) - Specially crafted SELECT statements containing sub- queries in the WHERE clause can cause the server to crash. (Bug #48291) - It is possible to bypass access restrictions when the data directory contains a symbolic link to a different file system. (Bug #39277)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 42899
    published 2009-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42899
    title MySQL 5.0 < 5.0.88 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-13504.NASL
    description - Update to MySQL 5.1.41, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html including security fixes - Stop waiting during 'service mysqld start' if mysqld_safe exits Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 43375
    published 2009-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43375
    title Fedora 11 : mysql-5.1.41-2.fc11 (2009-13504)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBMYSQLCLIENT-DEVEL-091215.NASL
    description This update fixes several security issues in mysql : - checking server certificates (CVE-2009-4028) - error handling in subqueries (CVE-2009-4019) - preserving null_value flag in GeomFromWKB (CVE-2009-4019) - symlink behavior fixed (CVE-2008-7247) - symlink behavior refixed (CVE-2009-4030)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46220
    published 2010-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46220
    title openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MYSQL-6897.NASL
    description This update fixes various security issues (bnc#557669) : upstream #47320 - checking server certificates (CVE-2009-4028) upstream #48291 - error handling in subqueries (CVE-2009-4019) upstream #47780 - preserving null_value flag in GeomFromWKB() (CVE-2009-4019) upstream #39277 - symlink behaviour fixed (CVE-2008-7247) upstream #32167 - symlink behaviour refixed (CVE-2009-4030) fixing remote buffer overflow. (CVE-2009-4484)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 45107
    published 2010-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45107
    title SuSE 10 Security Update : MySQL (ZYPP Patch Number 6897)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-011.NASL
    description Multiple vulnerabilities have been found and corrected in mysql : mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement (CVE-2009-4019). The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library (CVE-2009-4028). MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079 (CVE-2009-4030). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. Additionally for 2009.0 and MES5 mysql has also been upgraded to the last stable 5.0 release (5.0.89).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 44043
    published 2010-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44043
    title Mandriva Linux Security Advisory : mysql (MDVSA-2010:011)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBMYSQLCLIENT-DEVEL-100504.NASL
    description Updated mysql packages fix the following bugs : - upstream #47320 - checking server certificates (CVE-2009-4028) - upstream #48291 - error handling in subqueries (CVE-2009-4019) - upstream #47780 - preserving null_value flag in GeomFromWKB() (CVE-2009-4019) - upstream #39277 - symlink behaviour fixed (CVE-2008-7247) - upstream #32167 - symlink behaviour refixed (CVE-2009-4030)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46229
    published 2010-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46229
    title openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBMYSQLCLIENT-DEVEL-100401.NASL
    description Updated mysql packages fix the following bugs : - upstream #47320 - checking server certificates (CVE-2009-4028) - upstream #48291 - error handling in subqueries (CVE-2009-4019) - upstream #47780 - preserving null_value flag in GeomFromWKB() (CVE-2009-4019) - upstream #39277 - symlink behaviour fixed (CVE-2008-7247) - upstream #32167 - symlink behaviour refixed (CVE-2009-4030)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46232
    published 2010-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46232
    title openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MYSQL-6899.NASL
    description This update fixes various security issues (bnc#557669) : upstream #47320 - checking server certificates (CVE-2009-4028) upstream #48291 - error handling in subqueries (CVE-2009-4019) upstream #47780 - preserving null_value flag in GeomFromWKB() (CVE-2009-4019) upstream #39277 - symlink behaviour fixed (CVE-2008-7247) upstream #32167 - symlink behaviour refixed (CVE-2009-4030) fixing remote buffer overflow. (CVE-2009-4484)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49903
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49903
    title SuSE 10 Security Update : MySQL (ZYPP Patch Number 6899)
  • NASL family Databases
    NASL id MYSQL_5_1_41.NASL
    description The version of MySQL 5.1 installed on the remote host is earlier than 5.1.41 and is, therefore, potentially affected by the following vulnerabilities : - An incomplete fix was provided in 5.1.24 for CVE-2008-2079, a symlink-related privilege escalation issue. (Bug #39277) - MySQL clients linked against OpenSSL are vulnerable to man-in-the-middle attacks. (Bug #47320) - The GeomFromWKB() function can be manipulated to cause a denial of service. (Bug #47780) - Specially crafted SELECT statements containing subqueries in the WHERE clause can cause the server to crash. (Bug #48291)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 42900
    published 2009-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42900
    title MySQL 5.1 < 5.1.41 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100216_MYSQL_ON_SL5_X.NASL
    description CVE-2009-4019 mysql: DoS (crash) when comparing GIS items from subquery and when handling subqueries in WHERE and assigning a SELECT result to a @variable CVE-2009-4028 mysql: client SSL certificate verification flaw CVE-2009-4030 mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098 It was discovered that the MySQL client ignored certain SSL certificate verification errors when connecting to servers. A man-in-the-middle attacker could use this flaw to trick MySQL clients into connecting to a spoofed MySQL server. (CVE-2009-4028) Note: This fix may uncover previously hidden SSL configuration issues, such as incorrect CA certificates being used by clients or expired server certificates. This update should be carefully tested in deployments where SSL connections are used. A flaw was found in the way MySQL handled SELECT statements with subqueries in the WHERE clause that assigned results to a user variable. A remote, authenticated attacker could use this flaw to crash the MySQL server daemon (mysqld). This issue only caused a temporary denial of service, as the MySQL daemon was automatically restarted after the crash. (CVE-2009-4019) When the 'datadir' option was configured with a relative path, MySQL did not properly check paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. An authenticated attacker could use this flaw to bypass the restriction preventing the use of subdirectories of the MySQL data directory as DATA DIRECTORY and INDEX DIRECTORY paths. (CVE-2009-4030) Note: Due to the security risks and previous security issues related to the use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not depending on this feature should consider disabling it by adding 'symbolic-links=0' to the '[mysqld]' section of the 'my.cnf' configuration file. In this update, an example of such a configuration was added to the default 'my.cnf' file. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60736
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60736
    title Scientific Linux Security Update : mysql on SL5.x i386/x86_64
oval via4
  • accepted 2013-04-29T04:13:26.751-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
    family unix
    id oval:org.mitre.oval:def:11349
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
    version 18
  • accepted 2013-09-23T04:05:40.091-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Maria Kedovskaya
      organization ALTX-SOFT
    definition_extensions
    • comment MySQL 5.0 is installed
      oval oval:org.mitre.oval:def:8282
    • comment MySQL 5.1 is installed
      oval oval:org.mitre.oval:def:8297
    description mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
    family windows
    id oval:org.mitre.oval:def:8500
    status accepted
    submitted 2010-01-22T17:00:00.000-05:00
    title MySQL 5.0 and 5.1 SELECT Statement DOS Vulnerability
    version 17
redhat via4
advisories
rhsa
id RHSA-2010:0109
rpms
  • mysql-0:5.0.77-4.el5_4.2
  • mysql-bench-0:5.0.77-4.el5_4.2
  • mysql-devel-0:5.0.77-4.el5_4.2
  • mysql-server-0:5.0.77-4.el5_4.2
  • mysql-test-0:5.0.77-4.el5_4.2
refmap via4
apple APPLE-SA-2010-03-29-1
confirm
debian DSA-1997
fedora FEDORA-2009-12180
mlist
  • [oss-security] 20091121 CVE Request - MySQL - 5.0.88
  • [oss-security] 20091121 Re: CVE Request - MySQL - 5.0.88
  • [oss-security] 20091123 Re: CVE Request - MySQL - 5.0.88
secunia
  • 37717
  • 38517
  • 38573
suse SUSE-SR:2010:011
ubuntu
  • USN-1397-1
  • USN-897-1
vupen ADV-2010-1107
Last major update 21-08-2010 - 01:36
Published 30-11-2009 - 12:30
Last modified 04-01-2018 - 21:29