ID CVE-2010-3840
Summary The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Vulnerable Configurations
  • MySQL 5.1
    cpe:2.3:a:mysql:mysql:5.1
  • MySQL 5.1.1
    cpe:2.3:a:mysql:mysql:5.1.1
  • MySQL 5.1.2
    cpe:2.3:a:mysql:mysql:5.1.2
  • MySQL 5.1.3
    cpe:2.3:a:mysql:mysql:5.1.3
  • MySQL 5.1.4
    cpe:2.3:a:mysql:mysql:5.1.4
  • MySQL 5.1.5
    cpe:2.3:a:mysql:mysql:5.1.5
  • MySQL 5.1.5a
    cpe:2.3:a:mysql:mysql:5.1.5a
  • MySQL 5.1.6
    cpe:2.3:a:mysql:mysql:5.1.6
  • MySQL 5.1.7
    cpe:2.3:a:mysql:mysql:5.1.7
  • MySQL 5.1.8
    cpe:2.3:a:mysql:mysql:5.1.8
  • MySQL 5.1.9
    cpe:2.3:a:mysql:mysql:5.1.9
  • MySQL 5.1.10
    cpe:2.3:a:mysql:mysql:5.1.10
  • MySQL 5.1.11
    cpe:2.3:a:mysql:mysql:5.1.11
  • MySQL 5.1.12
    cpe:2.3:a:mysql:mysql:5.1.12
  • MySQL 5.1.13
    cpe:2.3:a:mysql:mysql:5.1.13
  • MySQL 5.1.14
    cpe:2.3:a:mysql:mysql:5.1.14
  • MySQL 5.1.15
    cpe:2.3:a:mysql:mysql:5.1.15
  • MySQL 5.1.16
    cpe:2.3:a:mysql:mysql:5.1.16
  • MySQL 5.1.17
    cpe:2.3:a:mysql:mysql:5.1.17
  • MySQL 5.1.18
    cpe:2.3:a:mysql:mysql:5.1.18
  • MySQL 5.1.19
    cpe:2.3:a:mysql:mysql:5.1.19
  • MySQL 5.1.20
    cpe:2.3:a:mysql:mysql:5.1.20
  • MySQL 5.1.21
    cpe:2.3:a:mysql:mysql:5.1.21
  • MySQL 5.1.22
    cpe:2.3:a:mysql:mysql:5.1.22
  • MySQL 5.1.23
    cpe:2.3:a:mysql:mysql:5.1.23
  • MySQL 5.1.23a
    cpe:2.3:a:mysql:mysql:5.1.23:a
  • MySQL 5.1.23_bk
    cpe:2.3:a:mysql:mysql:5.1.23_bk
  • MySQL 5.1.23a
    cpe:2.3:a:mysql:mysql:5.1.23a
  • MySQL 5.1.24
    cpe:2.3:a:mysql:mysql:5.1.24
  • MySQL 5.1.25
    cpe:2.3:a:mysql:mysql:5.1.25
  • MySQL 5.1.26
    cpe:2.3:a:mysql:mysql:5.1.26
  • MySQL 5.1.27
    cpe:2.3:a:mysql:mysql:5.1.27
  • MySQL 5.1.28
    cpe:2.3:a:mysql:mysql:5.1.28
  • MySQL 5.1.29
    cpe:2.3:a:mysql:mysql:5.1.29
  • MySQL 5.1.30
    cpe:2.3:a:mysql:mysql:5.1.30
  • MySQL 5.1.31
    cpe:2.3:a:mysql:mysql:5.1.31
  • MySQL 5.1.31 Service Pack 1
    cpe:2.3:a:mysql:mysql:5.1.31:sp1
  • MySQL 5.1.32
    cpe:2.3:a:mysql:mysql:5.1.32
  • MySQL 5.1.32-bzr
    cpe:2.3:a:mysql:mysql:5.1.32-bzr
  • MySQL 5.1.33
    cpe:2.3:a:mysql:mysql:5.1.33
  • MySQL 5.1.34
    cpe:2.3:a:mysql:mysql:5.1.34
  • MySQL 5.1.34 Service Pack 1
    cpe:2.3:a:mysql:mysql:5.1.34:sp1
  • MySQL 5.1.35
    cpe:2.3:a:mysql:mysql:5.1.35
  • MySQL 5.1.36
    cpe:2.3:a:mysql:mysql:5.1.36
  • MySQL 5.1.37
    cpe:2.3:a:mysql:mysql:5.1.37
  • MySQL 5.1.37 Service Pack 1
    cpe:2.3:a:mysql:mysql:5.1.37:sp1
  • MySQL 5.1.38
    cpe:2.3:a:mysql:mysql:5.1.38
  • MySQL 5.1.39
    cpe:2.3:a:mysql:mysql:5.1.39
  • MySQL 5.1.40
    cpe:2.3:a:mysql:mysql:5.1.40
  • MySQL 5.1.40 Service Pack 1
    cpe:2.3:a:mysql:mysql:5.1.40:sp1
  • MySQL 5.1.41
    cpe:2.3:a:mysql:mysql:5.1.41
  • MySQL 5.1.42
    cpe:2.3:a:mysql:mysql:5.1.42
  • MySQL 5.1.43
    cpe:2.3:a:mysql:mysql:5.1.43
  • MySQL 5.1.43 Service Pack 1
    cpe:2.3:a:mysql:mysql:5.1.43:sp1
  • MySQL 5.1.44
    cpe:2.3:a:mysql:mysql:5.1.44
  • MySQL 5.1.45
    cpe:2.3:a:mysql:mysql:5.1.45
  • MySQL 5.1.46
    cpe:2.3:a:mysql:mysql:5.1.46
  • MySQL 5.1.46 Service Pack 1
    cpe:2.3:a:mysql:mysql:5.1.46:sp1
  • MySQL 5.1.47
    cpe:2.3:a:mysql:mysql:5.1.47
  • MySQL 5.1.48
    cpe:2.3:a:mysql:mysql:5.1.48
  • MySQL 5.1.49
    cpe:2.3:a:mysql:mysql:5.1.49
  • MySQL 5.1.49 Service Pack 1
    cpe:2.3:a:mysql:mysql:5.1.49:sp1
  • MySQL 5.1.50
    cpe:2.3:a:mysql:mysql:5.1.50
CVSS
Base: 4.0 (as of 17-01-2011 - 13:43)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE_INSTANCE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1397-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58325
    published 2012-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58325
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201201-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201201-02 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the MySQL process, cause a Denial of Service condition, bypass security restrictions, uninstall arbitrary MySQL plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 57446
    published 2012-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57446
    title GLSA-201201-02 : MySQL: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101103_MYSQL_ON_SL4_X.NASL
    description It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840) A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681) A directory traversal flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. A remote, authenticated attacker could use this flaw to obtain descriptions of the fields of an arbitrary table using a request with a specially crafted table name. (CVE-2010-1848) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60883
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60883
    title Scientific Linux Security Update : mysql on SL4.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110118_MYSQL_ON_SL6_X.NASL
    description The MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data, which could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3840) A flaw in the way MySQL processed certain JOIN queries could allow a remote, authenticated attacker to cause excessive CPU use (up to 100%), if a stored procedure contained JOIN queries, and that procedure was executed twice in sequence. (CVE-2010-3839) A flaw in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3838) A flaw in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3837) MySQL did not properly pre-evaluate LIKE arguments in view prepare mode, possibly allowing a remote, authenticated attacker to crash mysqld. (CVE-2010-3836) A flaw in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3835) A flaw in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3833) A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors. (CVE-2010-3683) A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3682) A flaw in the way MySQL processed certain alternating READ requests provided by HANDLER statements could allow a remote, authenticated attacker to crash mysqld. 
(CVE-2010-3681) A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3680) A flaw in the way MySQL processed certain values provided to the BINLOG statement caused MySQL to read unassigned memory. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679) A flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3678) A flaw in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3677) Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835, CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of service, as mysqld was automatically restarted after each crash. These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60940
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60940
    title Scientific Linux Security Update : mysql on SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0164.NASL
    description From Red Hat Security Advisory 2011:0164 : Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. The MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data, which could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3840) A flaw in the way MySQL processed certain JOIN queries could allow a remote, authenticated attacker to cause excessive CPU use (up to 100%), if a stored procedure contained JOIN queries, and that procedure was executed twice in sequence. (CVE-2010-3839) A flaw in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3838) A flaw in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3837) MySQL did not properly pre-evaluate LIKE arguments in view prepare mode, possibly allowing a remote, authenticated attacker to crash mysqld. (CVE-2010-3836) A flaw in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3835) A flaw in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST, could allow a remote, authenticated attacker to crash mysqld. 
(CVE-2010-3833) A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors. (CVE-2010-3683) A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3682) A flaw in the way MySQL processed certain alternating READ requests provided by HANDLER statements could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3681) A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3680) A flaw in the way MySQL processed certain values provided to the BINLOG statement caused MySQL to read unassigned memory. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679) A flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3678) A flaw in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3677) Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835, CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of service, as mysqld was automatically restarted after each crash. These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 68184
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68184
    title Oracle Linux 6 : mysql (ELSA-2011-0164)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0825.NASL
    description Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840) A flaw was found in the way MySQL processed certain JOIN queries. If a stored procedure contained JOIN queries, and that procedure was executed twice in sequence, it could cause an infinite loop, leading to excessive CPU use (up to 100%). A remote, authenticated attacker could use this flaw to cause a denial of service. (CVE-2010-3839) A flaw was found in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3838) A flaw was found in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3837) It was found that MySQL did not properly pre-evaluate LIKE arguments in view prepare mode. 
A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3836) A flaw was found in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3835) A flaw was found in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3833) A flaw was found in the way MySQL processed EXPLAIN statements for some complex SELECT queries. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3682) A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681) A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3680) A flaw was found in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column. A remote, authenticated attacker could use this flaw to crash mysqld. 
This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3677) All MySQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 50806
    published 2010-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50806
    title CentOS 5 : mysql (CESA-2010:0825)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0824.NASL
    description Updated mysql packages that fix three security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840) A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681) A directory traversal flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. A remote, authenticated attacker could use this flaw to obtain descriptions of the fields of an arbitrary table using a request with a specially crafted table name. (CVE-2010-1848) All MySQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 50805
    published 2010-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50805
    title CentOS 4 : mysql (CESA-2010:0824)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0824.NASL
    description Updated mysql packages that fix three security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840) A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681) A directory traversal flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. A remote, authenticated attacker could use this flaw to obtain descriptions of the fields of an arbitrary table using a request with a specially crafted table name. (CVE-2010-1848) All MySQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50473
    published 2010-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50473
    title RHEL 4 : mysql (RHSA-2010:0824)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBMYSQLCLIENT-DEVEL-111013.NASL
    description This MySQL version update to 5.0.94 update fixes the following security issues : - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information (CWE-noinfo) - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189) - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other) - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 57114
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57114
    title SuSE 11.1 Security Update : MySQL (SAT Patch Number 5285)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0824.NASL
    description From Red Hat Security Advisory 2010:0824 : Updated mysql packages that fix three security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840) A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681) A directory traversal flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. A remote, authenticated attacker could use this flaw to obtain descriptions of the fields of an arbitrary table using a request with a specially crafted table name. (CVE-2010-1848) All MySQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68133
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68133
    title Oracle Linux 4 : mysql (ELSA-2010-0824)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-222.NASL
    description Multiple vulnerabilities were discovered and corrected in mysql : - Joins involving a table with a unique SET column could cause a server crash (CVE-2010-3677). - Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash (CVE-2010-3680). - The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface (CVE-2010-3681). - Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash (CVE-2010-3682). - During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash (CVE-2010-3833). - The server could crash after materializing a derived table that required a temporary table for grouping (CVE-2010-3834). - A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted (CVE-2010-3835). - Pre-evaluation of LIKE predicates during view preparation could cause a server crash (CVE-2010-3836). - GROUP_CONCAT() and WITH ROLLUP together could cause a server crash (CVE-2010-3837). - Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table (CVE-2010-3838). - Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements (CVE-2010-3839). - The PolyFromWKB() function could crash the server when improper WKB data was passed to the function (CVE-2010-3840). Additionally the default behaviour of using the mysqlmanager instead of the mysqld_safe script has been reverted in the SysV init script because of instability issues with the mysqlmanager. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been upgraded to mysql 5.0.91 and patched to correct these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 50533
    published 2010-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50533
    title Mandriva Linux Security Advisory : mysql (MDVSA-2010:222)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101103_MYSQL_ON_SL5_X.NASL
    description It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840) A flaw was found in the way MySQL processed certain JOIN queries. If a stored procedure contained JOIN queries, and that procedure was executed twice in sequence, it could cause an infinite loop, leading to excessive CPU use (up to 100%). A remote, authenticated attacker could use this flaw to cause a denial of service. (CVE-2010-3839) A flaw was found in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3838) A flaw was found in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3837) It was found that MySQL did not properly pre-evaluate LIKE arguments in view prepare mode. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3836) A flaw was found in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3835) A flaw was found in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST. 
A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3833) A flaw was found in the way MySQL processed EXPLAIN statements for some complex SELECT queries. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3682) A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681) A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3680) A flaw was found in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3677) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60884
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60884
    title Scientific Linux Security Update : mysql on SL5.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2143.NASL
    description Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems :
      - CVE-2010-3677 It was discovered that MySQL allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
      - CVE-2010-3680 It was discovered that MySQL allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables while using InnoDB, which triggers an assertion failure.
      - CVE-2010-3681 It was discovered that MySQL allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing 'alternate reads from two indexes on a table,' which triggers an assertion failure.
      - CVE-2010-3682 It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could crash the server.
      - CVE-2010-3833 It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could crash the server.
      - CVE-2010-3834 It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could crash the server.
      - CVE-2010-3835 It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could crash the server.
      - CVE-2010-3836 It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could crash the server.
      - CVE-2010-3837 It was discovered that MySQL incorrectly handled using GROUP_CONCAT() and WITH ROLLUP together. An authenticated user could crash the server.
      - CVE-2010-3838 It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST() or LEAST() functions. An authenticated user could crash the server.
      - CVE-2010-3840 It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB() function. An authenticated user could crash the server.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 51530
    published 2011-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51530
    title Debian DSA-2143-1 : mysql-dfsg-5.0 - several vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_1_51.NASL
    description The version of MySQL Community Server installed on the remote host is earlier than 5.1.51 and is, therefore, potentially affected by multiple vulnerabilities: - A privilege escalation vulnerability exists when using statement-based replication. Version specific comments used on a master server with a lesser release version than its slave can allow the MySQL privilege system on the slave server to be subverted. (49124) - An authenticated user can crash the MySQL server by passing improper WKB to the 'PolyFromWKB()' function. (51875) - The improper handling of type errors during argument evaluation in extreme-value functions, e.g., 'LEAST()' or 'GREATEST()' caused server crashes. (55826) - The creation of derived tables needing a temporary grouping table caused server crashes. (55568) - The re-evaluation of a user-variable assignment expression after the creation of a temporary table caused server crashes. (55564) - The 'convert_tz()' function can be used to crash the server by setting the timezone argument to an empty SET column value. (55424) - The pre-evaluation of 'LIKE' predicates while preparing a view caused server crashes. (54568) - The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused server crashes. (54476) - The use of an intermediate temporary table and queries containing calls to 'GREATEST()' or 'LEAST()', having a list of both numeric and 'LONGBLOB' arguments, caused server crashes. (54461) - The use of nested joins in prepared statements or stored procedures could result in infinite loops. (53544)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 49711
    published 2010-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49711
    title MySQL Community Server < 5.1.51 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0825.NASL
    description Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840) A flaw was found in the way MySQL processed certain JOIN queries. If a stored procedure contained JOIN queries, and that procedure was executed twice in sequence, it could cause an infinite loop, leading to excessive CPU use (up to 100%). A remote, authenticated attacker could use this flaw to cause a denial of service. (CVE-2010-3839) A flaw was found in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3838) A flaw was found in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3837) It was found that MySQL did not properly pre-evaluate LIKE arguments in view prepare mode. 
A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3836) A flaw was found in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3835) A flaw was found in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3833) A flaw was found in the way MySQL processed EXPLAIN statements for some complex SELECT queries. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3682) A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681) A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3680) A flaw was found in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column. A remote, authenticated attacker could use this flaw to crash mysqld. 
This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3677) All MySQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50474
    published 2010-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50474
    title RHEL 5 : mysql (RHSA-2010:0825)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_LIBMYSQLCLIENT-DEVEL-110607.NASL
    description This mysql update fixes the following security issues - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information (CWE-noinfo) - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189) - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other) - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75904
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75904
    title openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2011:1250-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBMARIADBCLIENT16-110701.NASL
    description MariaDB was updated to version 5.1.55 to fix numerous bugs and security issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75582
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75582
    title openSUSE Security Update : libmariadbclient16 (openSUSE-SU-2011:0743-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0164.NASL
    description Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. The MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data, which could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3840) A flaw in the way MySQL processed certain JOIN queries could allow a remote, authenticated attacker to cause excessive CPU use (up to 100%), if a stored procedure contained JOIN queries, and that procedure was executed twice in sequence. (CVE-2010-3839) A flaw in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3838) A flaw in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3837) MySQL did not properly pre-evaluate LIKE arguments in view prepare mode, possibly allowing a remote, authenticated attacker to crash mysqld. (CVE-2010-3836) A flaw in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3835) A flaw in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST, could allow a remote, authenticated attacker to crash mysqld. 
(CVE-2010-3833) A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors. (CVE-2010-3683) A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3682) A flaw in the way MySQL processed certain alternating READ requests provided by HANDLER statements could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3681) A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3680) A flaw in the way MySQL processed certain values provided to the BINLOG statement caused MySQL to read unassigned memory. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679) A flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3678) A flaw in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3677) Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835, CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of service, as mysqld was automatically restarted after each crash. These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 51571
    published 2011-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51571
    title RHEL 6 : mysql (RHSA-2011:0164)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBMYSQLCLIENT-DEVEL-110607.NASL
    description This mysql update fixes the following security issues - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information (CWE-noinfo) - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189) - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other) - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75589
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75589
    title openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2011:1250-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBMYSQLCLUSTERCLIENT16-110706.NASL
    description This update fixes the following security issue : - 676974: mysql-cluster: security issues fixed in MySQL 5.1.51 This update also fixes the following non-security issue : - 635645: mysql init script fails to start when SELinux is enabled
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75590
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75590
    title openSUSE Security Update : libmysqlclusterclient16 (openSUSE-SU-2011:0774-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_LIBMYSQLCLUSTERCLIENT16-110706.NASL
    description This update fixes the following security issue : - 676974: mysql-cluster: security issues fixed in MySQL 5.1.51
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75905
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75905
    title openSUSE Security Update : libmysqlclusterclient16 (openSUSE-SU-2011:0799-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-223.NASL
    description Multiple vulnerabilities were discovered and corrected in mysql : - During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash (CVE-2010-3833). - The server could crash after materializing a derived table that required a temporary table for grouping (CVE-2010-3834). - A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted (CVE-2010-3835). - Pre-evaluation of LIKE predicates during view preparation could cause a server crash (CVE-2010-3836). - GROUP_CONCAT() and WITH ROLLUP together could cause a server crash (CVE-2010-3837). - Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table (CVE-2010-3838). - Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements (CVE-2010-3839). - The PolyFromWKB() function could crash the server when improper WKB data was passed to the function (CVE-2010-3840). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 50534
    published 2010-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50534
    title Mandriva Linux Security Advisory : mysql (MDVSA-2010:223)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1017-1.NASL
    description It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008) It was discovered that MySQL incorrectly handled joins involving a table with a unique SET column. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677) It was discovered that MySQL incorrectly handled NULL arguments to IN() or CASE operations. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3678) It was discovered that MySQL incorrectly handled malformed arguments to the BINLOG statement. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3679) It was discovered that MySQL incorrectly handled the use of TEMPORARY InnoDB tables with nullable columns. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3680) It was discovered that MySQL incorrectly handled alternate reads from two indexes on a table using the HANDLER interface. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3681) It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. 
(CVE-2010-3682) It was discovered that MySQL incorrectly handled error reporting when using LOAD DATA INFILE and would incorrectly raise an assert in certain circumstances. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3683) It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3833) It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3834) It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3835) It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3836) It was discovered that MySQL incorrectly handled using GROUP_CONCAT() and WITH ROLLUP together. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3837) It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST() or LEAST() functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3838) It was discovered that MySQL incorrectly handled queries with nested joins when used from stored procedures and prepared statements. 
An authenticated user could exploit this to make MySQL hang, causing a denial of service. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2010-3839) It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB() function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3840). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 50573
    published 2010-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50573
    title Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1017-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_LIBMARIADBCLIENT16-110701.NASL
    description MariaDB was updated to version 5.1.55 to fix numerous bugs and security issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75898
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75898
    title openSUSE Security Update : libmariadbclient16 (openSUSE-SU-2011:0743-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBMYSQLCLIENT-DEVEL-111014.NASL
    description This MySQL version update to 5.0.94 fixes the following security issues : - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information (CWE-noinfo) - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189) - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other) - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 57115
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57115
    title SuSE 11.1 Security Update : MySQL (SAT Patch Number 5285)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0825.NASL
    description From Red Hat Security Advisory 2010:0825 : Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840) A flaw was found in the way MySQL processed certain JOIN queries. If a stored procedure contained JOIN queries, and that procedure was executed twice in sequence, it could cause an infinite loop, leading to excessive CPU use (up to 100%). A remote, authenticated attacker could use this flaw to cause a denial of service. (CVE-2010-3839) A flaw was found in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3838) A flaw was found in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3837) It was found that MySQL did not properly pre-evaluate LIKE arguments in view prepare mode. 
A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3836) A flaw was found in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3835) A flaw was found in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3833) A flaw was found in the way MySQL processed EXPLAIN statements for some complex SELECT queries. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3682) A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681) A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3680) A flaw was found in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column. A remote, authenticated attacker could use this flaw to crash mysqld. 
This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3677) All MySQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68134
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68134
    title Oracle Linux 5 : mysql (ELSA-2010-0825)
redhat via4
advisories
  • bugzilla
    id 640865
    title CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment mysql is earlier than 0:4.1.22-2.el4_8.4
          oval oval:com.redhat.rhsa:tst:20100824002
        • comment mysql is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070152003
      • AND
        • comment mysql-bench is earlier than 0:4.1.22-2.el4_8.4
          oval oval:com.redhat.rhsa:tst:20100824008
        • comment mysql-bench is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070152007
      • AND
        • comment mysql-devel is earlier than 0:4.1.22-2.el4_8.4
          oval oval:com.redhat.rhsa:tst:20100824006
        • comment mysql-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070152005
      • AND
        • comment mysql-server is earlier than 0:4.1.22-2.el4_8.4
          oval oval:com.redhat.rhsa:tst:20100824004
        • comment mysql-server is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070152009
    rhsa
    id RHSA-2010:0824
    released 2010-11-03
    severity Moderate
    title RHSA-2010:0824: mysql security update (Moderate)
  • bugzilla
    id 640865
    title CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment mysql is earlier than 0:5.0.77-4.el5_5.4
          oval oval:com.redhat.rhsa:tst:20100825002
        • comment mysql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070875012
      • AND
        • comment mysql-bench is earlier than 0:5.0.77-4.el5_5.4
          oval oval:com.redhat.rhsa:tst:20100825008
        • comment mysql-bench is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070875018
      • AND
        • comment mysql-devel is earlier than 0:5.0.77-4.el5_5.4
          oval oval:com.redhat.rhsa:tst:20100825004
        • comment mysql-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070875014
      • AND
        • comment mysql-server is earlier than 0:5.0.77-4.el5_5.4
          oval oval:com.redhat.rhsa:tst:20100825010
        • comment mysql-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070875016
      • AND
        • comment mysql-test is earlier than 0:5.0.77-4.el5_5.4
          oval oval:com.redhat.rhsa:tst:20100825006
        • comment mysql-test is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070875020
    rhsa
    id RHSA-2010:0825
    released 2010-11-03
    severity Moderate
    title RHSA-2010:0825: mysql security update (Moderate)
  • bugzilla
    id 640865
    title CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment mysql is earlier than 0:5.1.52-1.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110164005
        • comment mysql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131647006
      • AND
        • comment mysql-bench is earlier than 0:5.1.52-1.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110164007
        • comment mysql-bench is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131647020
      • AND
        • comment mysql-devel is earlier than 0:5.1.52-1.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110164015
        • comment mysql-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131647008
      • AND
        • comment mysql-embedded is earlier than 0:5.1.52-1.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110164009
        • comment mysql-embedded is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131647012
      • AND
        • comment mysql-embedded-devel is earlier than 0:5.1.52-1.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110164019
        • comment mysql-embedded-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131647014
      • AND
        • comment mysql-libs is earlier than 0:5.1.52-1.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110164013
        • comment mysql-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131647010
      • AND
        • comment mysql-server is earlier than 0:5.1.52-1.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110164011
        • comment mysql-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131647018
      • AND
        • comment mysql-test is earlier than 0:5.1.52-1.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110164017
        • comment mysql-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131647016
    rhsa
    id RHSA-2011:0164
    released 2011-01-18
    severity Moderate
    title RHSA-2011:0164: mysql security update (Moderate)
rpms
  • mysql-0:4.1.22-2.el4_8.4
  • mysql-bench-0:4.1.22-2.el4_8.4
  • mysql-devel-0:4.1.22-2.el4_8.4
  • mysql-server-0:4.1.22-2.el4_8.4
  • mysql-0:5.0.77-4.el5_5.4
  • mysql-bench-0:5.0.77-4.el5_5.4
  • mysql-devel-0:5.0.77-4.el5_5.4
  • mysql-server-0:5.0.77-4.el5_5.4
  • mysql-test-0:5.0.77-4.el5_5.4
  • mysql-0:5.1.52-1.el6_0.1
  • mysql-bench-0:5.1.52-1.el6_0.1
  • mysql-devel-0:5.1.52-1.el6_0.1
  • mysql-embedded-0:5.1.52-1.el6_0.1
  • mysql-embedded-devel-0:5.1.52-1.el6_0.1
  • mysql-libs-0:5.1.52-1.el6_0.1
  • mysql-server-0:5.1.52-1.el6_0.1
  • mysql-test-0:5.1.52-1.el6_0.1
refmap via4
bid 43676
confirm
debian DSA-2143
mandriva
  • MDVSA-2010:222
  • MDVSA-2010:223
misc http://lists.mysql.com/commits/117094
secunia
  • 42875
  • 42936
turbo TLSA-2011-3
ubuntu
  • USN-1017-1
  • USN-1397-1
vupen
  • ADV-2011-0105
  • ADV-2011-0170
  • ADV-2011-0345
xf mysql-gislinestringinitfromwkb-dos(64838)
Last major update 17-02-2011 - 00:00
Published 14-01-2011 - 14:02
Last modified 04-01-2018 - 21:29