Summary
The host is running MySQL and is prone to denial of service vulnerabilities.
Impact
Successful exploitation could allow users to cause a denial of service and to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to MySQL version 5.1.51 or 5.5.6
For updates refer to http://dev.mysql.com/downloads
Insight
The flaws are due to:
- Performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
- An error in multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
Affected
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6
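The affected range above, turned into a version-string check. This is an added example, not the scanner's own detection code; the function names and the sample banners are constructed for illustration.

```python
import re

# First fixed release per branch, from the advisory's "Affected" line.
FIXED = {(5, 1): (5, 1, 51), (5, 5): (5, 5, 6)}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Classify a server version string (e.g. the output of SELECT VERSION()).

    Returns "affected", "fixed", "not_listed" (a branch the advisory does
    not mention) or "unknown" (unparsable, or not a MySQL build).
    """
    text = banner or ""
    # MariaDB 10.x reports itself as "5.5.5-10.x.y-MariaDB" in the handshake;
    # a plain numeric comparison would wrongly flag it as MySQL 5.5.5.
    if "mariadb" in text.lower():
        return "unknown"
    m = _VERSION_RE.match(text)
    if not m:
        return "unknown"
    version = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not_listed"
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Map each host name to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory: host name -> reported version string.
SAMPLE_INVENTORY = {
    "db-a.example": "5.1.49-1ubuntu8.1",
    "db-b.example": "5.1.51-community",
    "db-c.example": "5.5.5-m3-log",
    "db-d.example": "5.5.6-rc",
    "db-e.example": "5.5.5-10.1.48-MariaDB",
    "db-f.example": "5.0.91",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```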
References
Severity
Classification
CVE: CVE-2010-3835, CVE-2010-3839
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P