CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
Percentile
92.2%
CentOS Errata and Security Advisory CESA-2010:0824
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.
It was found that the MySQL PolyFromWKB() function did not sanity check
Well-Known Binary (WKB) data. A remote, authenticated attacker could use
specially-crafted WKB data to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3840)
A flaw was found in the way MySQL processed certain alternating READ
requests provided by HANDLER statements. A remote, authenticated attacker
could use this flaw to provide such requests, causing mysqld to crash. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3681)
A directory traversal flaw was found in the way MySQL handled the
parameters of the MySQL COM_FIELD_LIST network protocol command. A remote,
authenticated attacker could use this flaw to obtain descriptions of the
fields of an arbitrary table using a request with a specially-crafted
table name. (CVE-2010-1848)
All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-November/079304.html
https://lists.centos.org/pipermail/centos-announce/2010-November/079305.html
Affected packages:
mysql
mysql-bench
mysql-devel
mysql-server
Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0824
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | mysql | < 4.1.22-2.el4_8.4 | mysql-4.1.22-2.el4_8.4.i386.rpm |
CentOS | 4 | i386 | mysql-bench | < 4.1.22-2.el4_8.4 | mysql-bench-4.1.22-2.el4_8.4.i386.rpm |
CentOS | 4 | i386 | mysql-devel | < 4.1.22-2.el4_8.4 | mysql-devel-4.1.22-2.el4_8.4.i386.rpm |
CentOS | 4 | i386 | mysql-server | < 4.1.22-2.el4_8.4 | mysql-server-4.1.22-2.el4_8.4.i386.rpm |
CentOS | 4 | x86_64 | mysql | < 4.1.22-2.el4_8.4 | mysql-4.1.22-2.el4_8.4.x86_64.rpm |
CentOS | 4 | x86_64 | mysql-bench | < 4.1.22-2.el4_8.4 | mysql-bench-4.1.22-2.el4_8.4.x86_64.rpm |
CentOS | 4 | x86_64 | mysql-devel | < 4.1.22-2.el4_8.4 | mysql-devel-4.1.22-2.el4_8.4.x86_64.rpm |
CentOS | 4 | x86_64 | mysql-server | < 4.1.22-2.el4_8.4 | mysql-server-4.1.22-2.el4_8.4.x86_64.rpm |
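A small compliance check for the upgrade advice above, added here as an example (not part of the CentOS advisory): it compares installed `mysql*` package versions against the fixed version-release from the table using RPM's segment-wise version ordering. The `rpm -qa` lines are constructed sample input; epoch and the tilde/caret rules of real rpmvercmp are omitted, which is an assumption that holds for these package versions.

```python
"""Flag CentOS 4 MySQL packages still older than the CESA-2010:0824 fixed build."""
import re

# Fixed version-release for CentOS 4, taken from the advisory table above.
FIXED = {pkg: "4.1.22-2.el4_8.4"
         for pkg in ("mysql", "mysql-bench", "mysql-devel", "mysql-server")}


def _segments(s):
    # rpmvercmp splits on non-alphanumerics into numeric and alphabetic runs.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Compare two RPM version or release strings: -1, 0 or 1 like rpmvercmp(3).
    Simplified: tilde/caret handling is omitted (not used by these packages)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):              # numeric segments compare as integers
                return (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment sorts newer than alpha
        elif x != y:
            return (x > y) - (x < y)          # alphabetic segments compare as strings
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments wins


def compare_vr(installed, fixed):
    """Compare 'version-release' strings; release is decisive only when versions tie."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def vulnerable_packages(rpm_qa_lines):
    """Return (name, version-release) pairs from
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n' output that predate the fix."""
    stale = []
    for line in rpm_qa_lines:
        name, vr = line.split()
        if name in FIXED and compare_vr(vr, FIXED[name]) < 0:
            stale.append((name, vr))
    return stale


# Constructed sample output (not from a real host): two stale, one patched, one unrelated.
SAMPLE = ["mysql 4.1.22-2.el4_8.3", "mysql-server 4.1.22-2.el4_8.4",
          "mysql-devel 4.1.20-3.RHEL4.1", "openssl 0.9.7a-43.17.el4_8.6"]

if __name__ == "__main__":
    for name, vr in vulnerable_packages(SAMPLE):
        print(f"{name} {vr} predates {FIXED[name]}: apply CESA-2010:0824")
```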