ID CVE-2009-4019
Summary mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
References
Vulnerable Configurations
  • cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.51a:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.51a:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 17-12-2019 - 20:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
oval via4
  • accepted 2013-04-29T04:13:26.751-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
    family unix
    id oval:org.mitre.oval:def:11349
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
    version 18
  • accepted 2013-09-23T04:05:40.091-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Maria Kedovskaya
      organization ALTX-SOFT
    definition_extensions
    • comment MySQL 5.0 is installed
      oval oval:org.mitre.oval:def:8282
    • comment MySQL 5.1 is installed
      oval oval:org.mitre.oval:def:8297
    description mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
    family windows
    id oval:org.mitre.oval:def:8500
    status accepted
    submitted 2010-01-22T17:00:00.000-05:00
    title MySQL 5.0 and 5.1 SELECT Statement DOS Vulnerability
    version 17
redhat via4
advisories
rhsa
id RHSA-2010:0109
rpms
  • mysql-0:5.0.77-4.el5_4.2
  • mysql-bench-0:5.0.77-4.el5_4.2
  • mysql-debuginfo-0:5.0.77-4.el5_4.2
  • mysql-devel-0:5.0.77-4.el5_4.2
  • mysql-server-0:5.0.77-4.el5_4.2
  • mysql-test-0:5.0.77-4.el5_4.2
refmap via4
apple APPLE-SA-2010-03-29-1
confirm
debian DSA-1997
fedora FEDORA-2009-12180
mlist
  • [oss-security] 20091121 CVE Request - MySQL - 5.0.88
  • [oss-security] 20091121 Re: CVE Request - MySQL - 5.0.88
  • [oss-security] 20091123 Re: CVE Request - MySQL - 5.0.88
secunia
  • 37717
  • 38517
  • 38573
suse SUSE-SR:2010:011
ubuntu
  • USN-1397-1
  • USN-897-1
vupen ADV-2010-1107
Last major update 17-12-2019 - 20:26
Published 30-11-2009 - 17:30
Last modified 17-12-2019 - 20:26
Back to Top