Summary
The host is running MySQL and is prone to Denial Of Service and Spoofing Vulnerabilities
Impact
Successful exploitation could allow users to cause a Denial of Service and man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate.
Impact Level: Application
Solution
Upgrade to MySQL version 5.0.88 or 5.1.41
For updates refer to http://dev.mysql.com/downloads
Insight
The flaws are due to:
- mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the 'GeomFromWKB()' function.
- An error in 'vio_verify_callback()' function in 'viosslfactories.c', when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates.
Affected
MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 on all running platform.
References
Severity
Classification
-
CVE CVE-2009-4019, CVE-2009-4028 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari Malformed URI Remote DoS Vulnerability (Win)
- Apache Tomcat Content-Type Header Denial Of Service Vulnerability
- Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability
- Comodo Internet Security Denial of Service Vulnerability-01
- Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux