ID: ORACLELINUX_ELSA-2011-0164.NASL
Type: nessus
Reporter: Tenable
Modified: 2016-05-06T00:00:00
Description
From Red Hat Security Advisory 2011:0164 :
Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
The MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data, which could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3840)
A flaw in the way MySQL processed certain JOIN queries could allow a remote, authenticated attacker to cause excessive CPU use (up to 100%), if a stored procedure contained JOIN queries, and that procedure was executed twice in sequence. (CVE-2010-3839)
A flaw in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3838)
A flaw in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3837)
MySQL did not properly pre-evaluate LIKE arguments in view prepare mode, possibly allowing a remote, authenticated attacker to crash mysqld. (CVE-2010-3836)
A flaw in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3835)
A flaw in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3833)
A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors. (CVE-2010-3683)
A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3682)
A flaw in the way MySQL processed certain alternating READ requests provided by HANDLER statements could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3681)
A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3680)
A flaw in the way MySQL processed certain values provided to the BINLOG statement caused MySQL to read unassigned memory. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679)
A flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3678)
A flaw in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3677)
Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835, CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of service, as mysqld was automatically restarted after each crash.
These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2011:0164 and
# Oracle Linux Security Advisory ELSA-2011-0164 respectively.
#
if (NASL_LEVEL < 3000) exit(0);
include("compat.inc");
if (description)
{
  script_id(68184);
  script_version("$Revision: 1.4 $");
  script_cvs_date("$Date: 2016/05/06 16:53:48 $");
  script_cve_id("CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840");
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42646, 43676);
  script_xref(name:"RHSA", value:"2011:0164");
  script_name(english:"Oracle Linux 6 : mysql (ELSA-2011-0164)");
  script_summary(english:"Checks rpm output for the updated packages");
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2011:0164 :
Updated mysql packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
MySQL is a multi-user, multi-threaded SQL database server. It consists
of the MySQL server daemon (mysqld) and many client programs and
libraries.
The MySQL PolyFromWKB() function did not sanity check Well-Known
Binary (WKB) data, which could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3840)
A flaw in the way MySQL processed certain JOIN queries could allow a
remote, authenticated attacker to cause excessive CPU use (up to
100%), if a stored procedure contained JOIN queries, and that
procedure was executed twice in sequence. (CVE-2010-3839)
A flaw in the way MySQL processed queries that provide a mixture of
numeric and longblob data types to the LEAST or GREATEST function,
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3838)
A flaw in the way MySQL processed PREPARE statements containing both
GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3837)
MySQL did not properly pre-evaluate LIKE arguments in view prepare
mode, possibly allowing a remote, authenticated attacker to crash
mysqld. (CVE-2010-3836)
A flaw in the way MySQL processed statements that assign a value to a
user-defined variable and that also contain a logical value evaluation
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3835)
A flaw in the way MySQL evaluated the arguments of extreme-value
functions, such as LEAST and GREATEST, could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3833)
A flaw in the way MySQL handled LOAD DATA INFILE requests allowed
MySQL to send OK packets even when there were errors. (CVE-2010-3683)
A flaw in the way MySQL processed EXPLAIN statements for some complex
SELECT queries could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3682)
A flaw in the way MySQL processed certain alternating READ requests
provided by HANDLER statements could allow a remote, authenticated
attacker to crash mysqld. (CVE-2010-3681)
A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements
that define NULL columns when using the InnoDB storage engine, could
allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3680)
A flaw in the way MySQL processed certain values provided to the
BINLOG statement caused MySQL to read unassigned memory. A remote,
authenticated attacker could possibly use this flaw to crash mysqld.
(CVE-2010-3679)
A flaw in the way MySQL processed SQL queries containing IN or CASE
statements, when a NULL argument was provided as one of the arguments
to the query, could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3678)
A flaw in the way MySQL processed JOIN queries that attempt to
retrieve data from a unique SET column could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3677)
Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,
CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680,
CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of
service, as mysqld was automatically restarted after each crash.
These updated packages upgrade MySQL to version 5.1.52. Refer to the
MySQL release notes for a full list of changes :
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
All MySQL users should upgrade to these updated packages, which
correct these issues. After installing this update, the MySQL server
daemon (mysqld) will be restarted automatically."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2011-February/001871.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected mysql packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.");
  script_family(english:"Oracle Linux Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
flag = 0;
if (rpm_check(release:"EL6", reference:"mysql-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-bench-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-devel-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-embedded-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-embedded-devel-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-libs-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-server-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-test-5.1.52-1.el6_0.1")) flag++;
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-embedded / etc");
}
{"id": "ORACLELINUX_ELSA-2011-0164.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 6 : mysql (ELSA-2011-0164)", "description": "From Red Hat Security Advisory 2011:0164 :\n\nUpdated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data, which could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3840)\n\nA flaw in the way MySQL processed certain JOIN queries could allow a remote, authenticated attacker to cause excessive CPU use (up to 100%), if a stored procedure contained JOIN queries, and that procedure was executed twice in sequence. (CVE-2010-3839)\n\nA flaw in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function, could allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3838)\n\nA flaw in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3837)\n\nMySQL did not properly pre-evaluate LIKE arguments in view prepare mode, possibly allowing a remote, authenticated attacker to crash mysqld. 
(CVE-2010-3836)\n\nA flaw in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation could allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3835)\n\nA flaw in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3833)\n\nA flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors. (CVE-2010-3683)\n\nA flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3682)\n\nA flaw in the way MySQL processed certain alternating READ requests provided by HANDLER statements could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3681)\n\nA flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3680)\n\nA flaw in the way MySQL processed certain values provided to the BINLOG statement caused MySQL to read unassigned memory. A remote, authenticated attacker could possibly use this flaw to crash mysqld.\n(CVE-2010-3679)\n\nA flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3678)\n\nA flaw in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column could allow a remote, authenticated attacker to crash mysqld. 
(CVE-2010-3677)\n\nNote: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835, CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of service, as mysqld was automatically restarted after each crash.\n\nThese updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes :\n\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html\n\nAll MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "published": "2013-07-12T00:00:00", "modified": "2016-05-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68184", "reporter": "Tenable", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-February/001871.html"], "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3678", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3679", "CVE-2010-3836", "CVE-2010-3683", "CVE-2010-3677", "CVE-2010-3838"], "type": "nessus", "lastseen": "2017-10-29T13:45:01", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3678", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3679", "CVE-2010-3836", "CVE-2010-3683", "CVE-2010-3677", "CVE-2010-3838"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "From Red Hat Security Advisory 2011:0164 :\n\nUpdated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data, which could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3840)\n\nA flaw in the way MySQL processed certain JOIN queries could allow a remote, authenticated attacker to cause excessive CPU use (up to 100%), if a stored procedure contained JOIN queries, and that procedure was executed twice in sequence. (CVE-2010-3839)\n\nA flaw in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function, could allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3838)\n\nA flaw in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3837)\n\nMySQL did not properly pre-evaluate LIKE arguments in view prepare mode, possibly allowing a remote, authenticated attacker to crash mysqld. (CVE-2010-3836)\n\nA flaw in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation could allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3835)\n\nA flaw in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3833)\n\nA flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors. 
(CVE-2010-3683)\n\nA flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3682)\n\nA flaw in the way MySQL processed certain alternating READ requests provided by HANDLER statements could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3681)\n\nA flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3680)\n\nA flaw in the way MySQL processed certain values provided to the BINLOG statement caused MySQL to read unassigned memory. A remote, authenticated attacker could possibly use this flaw to crash mysqld.\n(CVE-2010-3679)\n\nA flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3678)\n\nA flaw in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3677)\n\nNote: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835, CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of service, as mysqld was automatically restarted after each crash.\n\nThese updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes :\n\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html\n\nAll MySQL users should upgrade to these updated packages, which correct these issues. 
After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "edition": 1, "enchantments": {}, "hash": "9c64e073ccf9796b9e1c1dab78b9f64dd4a4d15b5578eb126b97c997efc75b1a", "hashmap": [{"hash": "3c5afcca913658450e43fe2cc0af5e77", "key": "description"}, {"hash": "8754a4c79639fe9e72913f51a467720c", "key": "references"}, {"hash": "28a94886eaa4ff2b55031e0322ec393e", "key": "cvelist"}, {"hash": "4579da10f367382f6c82a034cac778ad", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "44a7c372e4fd70f63bab3c202bc2425d", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "01747313503f2ddd0055183b17255a2e", "key": "href"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "952a2e8fc7d51d5cdf3746dd935403dd", "key": "sourceData"}, {"hash": "62f567f562bbeddeaf1e6db6eec3283c", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68184", "id": "ORACLELINUX_ELSA-2011-0164.NASL", "lastseen": "2016-09-26T17:26:30", "modified": "2016-05-06T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "68184", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-February/001871.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0164 and \n# Oracle Linux Security Advisory ELSA-2011-0164 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68184);\n 
script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/06 16:53:48 $\");\n\n script_cve_id(\"CVE-2010-3677\", \"CVE-2010-3678\", \"CVE-2010-3679\", \"CVE-2010-3680\", \"CVE-2010-3681\", \"CVE-2010-3682\", \"CVE-2010-3683\", \"CVE-2010-3833\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42646, 43676);\n script_xref(name:\"RHSA\", value:\"2011:0164\");\n\n script_name(english:\"Oracle Linux 6 : mysql (ELSA-2011-0164)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0164 :\n\nUpdated mysql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThe MySQL PolyFromWKB() function did not sanity check Well-Known\nBinary (WKB) data, which could allow a remote, authenticated attacker\nto crash mysqld. (CVE-2010-3840)\n\nA flaw in the way MySQL processed certain JOIN queries could allow a\nremote, authenticated attacker to cause excessive CPU use (up to\n100%), if a stored procedure contained JOIN queries, and that\nprocedure was executed twice in sequence. 
(CVE-2010-3839)\n\nA flaw in the way MySQL processed queries that provide a mixture of\nnumeric and longblob data types to the LEAST or GREATEST function,\ncould allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3838)\n\nA flaw in the way MySQL processed PREPARE statements containing both\nGROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,\nauthenticated attacker to crash mysqld. (CVE-2010-3837)\n\nMySQL did not properly pre-evaluate LIKE arguments in view prepare\nmode, possibly allowing a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3836)\n\nA flaw in the way MySQL processed statements that assign a value to a\nuser-defined variable and that also contain a logical value evaluation\ncould allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3835)\n\nA flaw in the way MySQL evaluated the arguments of extreme-value\nfunctions, such as LEAST and GREATEST, could allow a remote,\nauthenticated attacker to crash mysqld. (CVE-2010-3833)\n\nA flaw in the way MySQL handled LOAD DATA INFILE requests allowed\nMySQL to send OK packets even when there were errors. (CVE-2010-3683)\n\nA flaw in the way MySQL processed EXPLAIN statements for some complex\nSELECT queries could allow a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3682)\n\nA flaw in the way MySQL processed certain alternating READ requests\nprovided by HANDLER statements could allow a remote, authenticated\nattacker to crash mysqld. (CVE-2010-3681)\n\nA flaw in the way MySQL processed CREATE TEMPORARY TABLE statements\nthat define NULL columns when using the InnoDB storage engine, could\nallow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3680)\n\nA flaw in the way MySQL processed certain values provided to the\nBINLOG statement caused MySQL to read unassigned memory. 
A remote,\nauthenticated attacker could possibly use this flaw to crash mysqld.\n(CVE-2010-3679)\n\nA flaw in the way MySQL processed SQL queries containing IN or CASE\nstatements, when a NULL argument was provided as one of the arguments\nto the query, could allow a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3678)\n\nA flaw in the way MySQL processed JOIN queries that attempt to\nretrieve data from a unique SET column could allow a remote,\nauthenticated attacker to crash mysqld. (CVE-2010-3677)\n\nNote: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,\nCVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680,\nCVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of\nservice, as mysqld was automatically restarted after each crash.\n\nThese updated packages upgrade MySQL to version 5.1.52. Refer to the\nMySQL release notes for a full list of changes :\n\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001871.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"mysql-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-bench-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-devel-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-embedded-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-embedded-devel-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-libs-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-server-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-test-5.1.52-1.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-embedded / etc\");\n}\n", "title": "Oracle Linux 6 : mysql (ELSA-2011-0164)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:30"}], "edition": 2, "hash": "f7ca52a4290fed3c389fcebecdbd9d057d7dec224cd7c50181fcafd74711b5f4", "viewCount": 0, "enchantments": {"vulnersScore": 2.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0164 and \n# Oracle Linux Security Advisory ELSA-2011-0164 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68184);\n script_version(\"$Revision: 1.4 $\");\n 
script_cvs_date(\"$Date: 2016/05/06 16:53:48 $\");\n\n script_cve_id(\"CVE-2010-3677\", \"CVE-2010-3678\", \"CVE-2010-3679\", \"CVE-2010-3680\", \"CVE-2010-3681\", \"CVE-2010-3682\", \"CVE-2010-3683\", \"CVE-2010-3833\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42646, 43676);\n script_xref(name:\"RHSA\", value:\"2011:0164\");\n\n script_name(english:\"Oracle Linux 6 : mysql (ELSA-2011-0164)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0164 :\n\nUpdated mysql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon (mysqld) and many client programs and\nlibraries.\n\nThe MySQL PolyFromWKB() function did not sanity check Well-Known\nBinary (WKB) data, which could allow a remote, authenticated attacker\nto crash mysqld. (CVE-2010-3840)\n\nA flaw in the way MySQL processed certain JOIN queries could allow a\nremote, authenticated attacker to cause excessive CPU use (up to\n100%), if a stored procedure contained JOIN queries, and that\nprocedure was executed twice in sequence. 
(CVE-2010-3839)\n\nA flaw in the way MySQL processed queries that provide a mixture of\nnumeric and longblob data types to the LEAST or GREATEST function,\ncould allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3838)\n\nA flaw in the way MySQL processed PREPARE statements containing both\nGROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,\nauthenticated attacker to crash mysqld. (CVE-2010-3837)\n\nMySQL did not properly pre-evaluate LIKE arguments in view prepare\nmode, possibly allowing a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3836)\n\nA flaw in the way MySQL processed statements that assign a value to a\nuser-defined variable and that also contain a logical value evaluation\ncould allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3835)\n\nA flaw in the way MySQL evaluated the arguments of extreme-value\nfunctions, such as LEAST and GREATEST, could allow a remote,\nauthenticated attacker to crash mysqld. (CVE-2010-3833)\n\nA flaw in the way MySQL handled LOAD DATA INFILE requests allowed\nMySQL to send OK packets even when there were errors. (CVE-2010-3683)\n\nA flaw in the way MySQL processed EXPLAIN statements for some complex\nSELECT queries could allow a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3682)\n\nA flaw in the way MySQL processed certain alternating READ requests\nprovided by HANDLER statements could allow a remote, authenticated\nattacker to crash mysqld. (CVE-2010-3681)\n\nA flaw in the way MySQL processed CREATE TEMPORARY TABLE statements\nthat define NULL columns when using the InnoDB storage engine, could\nallow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3680)\n\nA flaw in the way MySQL processed certain values provided to the\nBINLOG statement caused MySQL to read unassigned memory. 
A remote,\nauthenticated attacker could possibly use this flaw to crash mysqld.\n(CVE-2010-3679)\n\nA flaw in the way MySQL processed SQL queries containing IN or CASE\nstatements, when a NULL argument was provided as one of the arguments\nto the query, could allow a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3678)\n\nA flaw in the way MySQL processed JOIN queries that attempt to\nretrieve data from a unique SET column could allow a remote,\nauthenticated attacker to crash mysqld. (CVE-2010-3677)\n\nNote: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,\nCVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680,\nCVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of\nservice, as mysqld was automatically restarted after each crash.\n\nThese updated packages upgrade MySQL to version 5.1.52. Refer to the\nMySQL release notes for a full list of changes :\n\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html\n\nAll MySQL users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MySQL server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001871.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"mysql-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-bench-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-devel-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-embedded-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-embedded-devel-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-libs-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-server-5.1.52-1.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mysql-test-5.1.52-1.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-embedded / etc\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "68184", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:oracle:linux:mysql-devel", "p-cpe:/a:oracle:linux:mysql-embedded", "p-cpe:/a:oracle:linux:mysql-libs", "p-cpe:/a:oracle:linux:mysql-bench", "p-cpe:/a:oracle:linux:mysql-test", "p-cpe:/a:oracle:linux:mysql-embedded-devel", "p-cpe:/a:oracle:linux:mysql-server"]}
{"result": {"cve": [{"id": "CVE-2010-3837", "type": "cve", "title": "CVE-2010-3837", "description": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.", "published": "2011-01-14T14:02:43", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3837", "cvelist": ["CVE-2010-3837"], "lastseen": "2018-01-05T12:20:11"}, {"id": "CVE-2010-3680", "type": "cve", "title": "CVE-2010-3680", "description": "Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.", "published": "2011-01-11T15:00:01", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3680", "cvelist": ["CVE-2010-3680"], "lastseen": "2018-01-05T12:20:10"}, {"id": "CVE-2010-3678", "type": "cve", "title": "CVE-2010-3678", "description": "Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.", "published": "2011-01-11T15:00:01", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3678", "cvelist": ["CVE-2010-3678"], "lastseen": "2018-01-05T12:20:10"}, {"id": "CVE-2010-3839", "type": "cve", "title": "CVE-2010-3839", "description": "MySQL 5.1 before 
5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.", "published": "2011-01-14T14:02:44", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3839", "cvelist": ["CVE-2010-3839"], "lastseen": "2018-01-05T12:20:11"}, {"id": "CVE-2010-3835", "type": "cve", "title": "CVE-2010-3835", "description": "MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.", "published": "2011-01-14T14:02:42", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3835", "cvelist": ["CVE-2010-3835"], "lastseen": "2018-01-05T12:20:10"}, {"id": "CVE-2010-3681", "type": "cve", "title": "CVE-2010-3681", "description": "Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing \"alternate reads from two indexes on a table,\" which triggers an assertion failure.", "published": "2011-01-11T15:00:01", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3681", "cvelist": ["CVE-2010-3681"], "lastseen": "2018-01-05T12:20:10"}, {"id": "CVE-2010-3833", "type": "cve", "title": "CVE-2010-3833", 
"description": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a \"CREATE TABLE ... SELECT.\"", "published": "2011-01-14T14:01:15", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3833", "cvelist": ["CVE-2010-3833"], "lastseen": "2018-01-05T12:20:10"}, {"id": "CVE-2010-3840", "type": "cve", "title": "CVE-2010-3840", "description": "The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.", "published": "2011-01-14T14:02:44", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3840", "cvelist": ["CVE-2010-3840"], "lastseen": "2018-01-05T12:20:11"}, {"id": "CVE-2010-3682", "type": "cve", "title": "CVE-2010-3682", "description": "Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted \"SELECT ... UNION ... ORDER BY (SELECT ... 
WHERE ...)\" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.", "published": "2011-01-11T15:00:01", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3682", "cvelist": ["CVE-2010-3682"], "lastseen": "2018-01-05T12:20:10"}, {"id": "CVE-2010-3679", "type": "cve", "title": "CVE-2010-3679", "description": "Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.", "published": "2011-01-11T15:00:01", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3679", "cvelist": ["CVE-2010-3679"], "lastseen": "2018-01-05T12:20:10"}], "nessus": [{"id": "MYSQL_5_0_92.NASL", "type": "nessus", "title": "MySQL < 5.0.92 Multiple Denial of Service", "description": "The version of MySQL installed on the remote host is older than 5.0.92. As such, it reportedly is prone to multiple denial of service attacks :\n\n - The improper handling of type errors during argument evaluation in extreme-value functions, e.g., 'LEAST()' or 'GREATEST()' causes server crashes. (CVE-2010-3833)\n\n - Remote authenticated attackers could crash the server.\n (CVE-2010-3834 & CVE-2010-3836)\n\n - The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused server crashes. (CVE-2010-3837)\n\n - The use of an intermediate temporary table and queries containing calls to 'GREATEST()' or 'LEAST()', having a list of both numeric and 'LONGBLOB' arguments, caused server crashes. 
(CVE-2010-3838)", "published": "2012-01-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17834", "cvelist": ["CVE-2010-3837", "CVE-2010-3833", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:34:51"}, {"id": "MYSQL_5_5_6.NASL", "type": "nessus", "title": "MySQL < 5.5.6 Multiple Denial of Service", "description": "The version of MySQL installed on the remote host is older than 5.5.6. As such, it reportedly is prone to multiple denial of service attacks :\n\n - The improper handling of type errors during argument evaluation in extreme-value functions, e.g., 'LEAST()' or 'GREATEST()' causes server crashes. (CVE-2010-3833)\n\n - Remote authenticated attackers could crash the server.\n (CVE-2010-3834 & CVE-2010-3836)\n\n - The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused server crashes. (CVE-2010-3837)\n\n - The use of an intermediate temporary table and queries containing calls to 'GREATEST()' or 'LEAST()', having a list of both numeric and 'LONGBLOB' arguments, caused server crashes. (CVE-2010-3838)\n\n - The use of nested joins in prepared statements or stored procedures could result in infinite loops. 
(CVE-2010-3839)", "published": "2012-01-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17836", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:41:35"}, {"id": "SUSE_11_LIBMYSQLCLIENT-DEVEL-111014.NASL", "type": "nessus", "title": "SuSE 11.1 Security Update : MySQL (SAT Patch Number 5285)", "description": "This MySQL version update to 5.0.94 update fixes the following security issues :\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)", "published": "2011-12-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57115", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:45:05"}, {"id": "MANDRIVA_MDVSA-2010-223.NASL", "type": "nessus", "title": 
"Mandriva Linux Security Advisory : mysql (MDVSA-2010:223)", "description": "Multiple vulnerabilities were discovered and corrected in mysql :\n\n - During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash (CVE-2010-3833).\n\n - The server could crash after materializing a derived table that required a temporary table for grouping (CVE-2010-3834).\n\n - A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted (CVE-2010-3835).\n\n - Pre-evaluation of LIKE predicates during view preparation could cause a server crash (CVE-2010-3836).\n\n - GROUP_CONCAT() and WITH ROLLUP together could cause a server crash (CVE-2010-3837).\n\n - Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table (CVE-2010-3838).\n\n - Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements (CVE-2010-3839).\n\n - The PolyFromWKB() function could crash the server when improper WKB data was passed to the function (CVE-2010-3840).\n\nThe updated packages have been patched to correct these issues.", "published": "2010-11-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50534", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:42:30"}, {"id": "SUSE_11_4_LIBMARIADBCLIENT16-110701.NASL", "type": "nessus", 
"title": "openSUSE Security Update : libmariadbclient16 (openSUSE-SU-2011:0743-1)", "description": "MariaDB was updated to version 5.1.55 to fix numerous bugs and security issues.", "published": "2014-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75898", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:44:09"}, {"id": "SUSE_11_LIBMYSQLCLIENT-DEVEL-111013.NASL", "type": "nessus", "title": "SuSE 11.1 Security Update : MySQL (SAT Patch Number 5285)", "description": "This MySQL version update to 5.0.94 update fixes the following security issues :\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)", "published": "2011-12-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57114", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", 
"CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:35:27"}, {"id": "SUSE_11_4_LIBMYSQLCLUSTERCLIENT16-110706.NASL", "type": "nessus", "title": "openSUSE Security Update : libmysqlclusterclient16 (openSUSE-SU-2011:0799-1)", "description": "This update fixes the following security issue :\n\n - 676974: mysql-cluster: security issues fixed in MySQL 5.1.51", "published": "2014-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75905", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:34:40"}, {"id": "SUSE_11_3_LIBMYSQLCLUSTERCLIENT16-110706.NASL", "type": "nessus", "title": "openSUSE Security Update : libmysqlclusterclient16 (openSUSE-SU-2011:0774-1)", "description": "This update fixes the following security issue :\n\n - 676974: mysql-cluster: security issues fixed in MySQL 5.1.51\n\nThis update also fixes the following non-security issue :\n\n - 635645: mysql init script fails to start when SELinux is enabled", "published": "2014-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75590", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:42:28"}, {"id": "SUSE_11_3_LIBMYSQLCLIENT-DEVEL-110607.NASL", "type": "nessus", "title": "openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2011:1250-1)", "description": "This mysql update fixes the following security issues\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base 
Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)", "published": "2014-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75589", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:33:01"}, {"id": "SUSE_11_4_LIBMYSQLCLIENT-DEVEL-110607.NASL", "type": "nessus", "title": "openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2011:1250-1)", "description": "This mysql update fixes the following security issues\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - 
CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)", "published": "2014-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75904", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-10-29T13:33:57"}], "openvas": [{"id": "OPENVAS:1361412562310801571", "type": "openvas", "title": "MySQL Multiple Denial of Service Vulnerabilities", "description": "The host is running MySQL and is prone to multiple denial of\n service vulnerabilities.", "published": "2011-01-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801571", "cvelist": ["CVE-2010-3837", "CVE-2010-3833", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-09-04T14:19:53"}, {"id": "OPENVAS:831237", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2010:223 (mysql)", "description": "Check for the Version of mysql", "published": "2010-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831237", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2018-01-02T10:54:48"}, {"id": "OPENVAS:1361412562310831237", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2010:223 (mysql)", "description": "Check for the Version of mysql", "published": "2010-11-16T00:00:00", 
"cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831237", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2018-01-25T10:55:28"}, {"id": "OPENVAS:1361412562310100900", "type": "openvas", "title": "Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities", "description": "MySQL is prone to multiple denial-of-service vulnerabilities.\n\nAn attacker can exploit these issues to crash the database, denying\naccess to legitimate users.\n\nThese issues affect versions prior to MySQL 5.1.51.", "published": "2010-11-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100900", "cvelist": ["CVE-2010-3837", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3836", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-07-02T21:09:54"}, {"id": "OPENVAS:1361412562310122299", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0825", "description": "Oracle Linux Local Security Checks ELSA-2010-0825", "published": "2015-10-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122299", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3836", "CVE-2010-3677", "CVE-2010-3838"], "lastseen": "2017-07-24T12:52:36"}, {"id": "OPENVAS:870356", "type": "openvas", "title": "RedHat Update for mysql RHSA-2010:0825-01", "description": "Check for the Version of mysql", "published": "2010-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": 
"http://plugins.openvas.org/nasl.php?oid=870356", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3836", "CVE-2010-3677", "CVE-2010-3838"], "lastseen": "2017-12-20T13:17:46"}, {"id": "OPENVAS:1361412562310870356", "type": "openvas", "title": "RedHat Update for mysql RHSA-2010:0825-01", "description": "Check for the Version of mysql", "published": "2010-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870356", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3836", "CVE-2010-3677", "CVE-2010-3838"], "lastseen": "2018-01-11T11:04:12"}, {"id": "OPENVAS:1361412562310831243", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2010:222 (mysql)", "description": "Check for the Version of mysql", "published": "2010-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831243", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3836", "CVE-2010-3677", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2018-01-06T13:04:50"}, {"id": "OPENVAS:831243", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2010:222 (mysql)", "description": "Check for the Version of mysql", "published": "2010-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831243", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3836", 
"CVE-2010-3677", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2017-12-15T11:57:47"}, {"id": "OPENVAS:1361412562310840533", "type": "openvas", "title": "Ubuntu Update for MySQL vulnerabilities USN-1017-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1017-1", "published": "2010-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840533", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3678", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3679", "CVE-2010-2008", "CVE-2010-3836", "CVE-2010-3683", "CVE-2010-3677", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2018-01-25T10:55:10"}], "oraclelinux": [{"id": "ELSA-2010-0825", "type": "oraclelinux", "title": "mysql security update", "description": " \n[5.0.77-4.4]\r\n- Add fixes for CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682,\r\n CVE-2010-3833, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838,\r\n CVE-2010-3839, CVE-2010-3840\r\nResolves: #645642\r\n- Backpatch strmov fix so that code can be tested on more recent platforms ", "published": "2010-11-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0825.html", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3836", "CVE-2010-3677", "CVE-2010-3838"], "lastseen": "2016-09-04T11:16:12"}, {"id": "ELSA-2011-0164", "type": "oraclelinux", "title": "mysql security update", "description": "[5.1.52-1.1]\n- Update to MySQL 5.1.52, for various fixes described at\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html\n including numerous small security issues\nResolves: #652553\n- Sync with current Fedora package; this includes:\n- Duplicate 
COPYING and EXCEPTIONS-CLIENT in -libs and -embedded subpackages,\n to ensure they are available when any subset of mysql RPMs are installed,\n per revised packaging guidelines\n- Allow init script's STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig", "published": "2011-02-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2011-0164.html", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3678", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3679", "CVE-2010-3836", "CVE-2010-3683", "CVE-2010-3677", "CVE-2010-3838"], "lastseen": "2016-09-04T11:16:37"}, {"id": "ELSA-2010-0824", "type": "oraclelinux", "title": "mysql security update", "description": "[4.1.22-2.el4.4]\n- Add fixes for CVE-2010-1848, CVE-2010-3681, CVE-2010-3840\nResolves: #645637\n- Backpatch longlong overflow fix so that code can be tested on\n more recent platforms ", "published": "2010-11-03T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0824.html", "cvelist": ["CVE-2010-3681", "CVE-2010-3840", "CVE-2010-1848"], "lastseen": "2016-09-04T11:16:24"}], "debian": [{"id": "DSA-2143", "type": "debian", "title": "mysql-dfsg-5.0 -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in the MySQL database server. 
The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2010-3677](<https://security-tracker.debian.org/tracker/CVE-2010-3677>)\n\nIt was discovered that MySQL allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.\n\n * [CVE-2010-3680](<https://security-tracker.debian.org/tracker/CVE-2010-3680>)\n\nIt was discovered that MySQL allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables while using InnoDB, which triggers an assertion failure.\n\n * [CVE-2010-3681](<https://security-tracker.debian.org/tracker/CVE-2010-3681>)\n\nIt was discovered that MySQL allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing \"alternate reads from two indexes on a table,\" which triggers an assertion failure.\n\n * [CVE-2010-3682](<https://security-tracker.debian.org/tracker/CVE-2010-3682>)\n\nIt was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could crash the server.\n\n * [CVE-2010-3833](<https://security-tracker.debian.org/tracker/CVE-2010-3833>)\n\nIt was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could crash the server.\n\n * [CVE-2010-3834](<https://security-tracker.debian.org/tracker/CVE-2010-3834>)\n\nIt was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could crash the server.\n\n * [CVE-2010-3835](<https://security-tracker.debian.org/tracker/CVE-2010-3835>)\n\nIt was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. 
An authenticated user could crash the server.\n\n * [CVE-2010-3836](<https://security-tracker.debian.org/tracker/CVE-2010-3836>)\n\nIt was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could crash the server.\n\n * [CVE-2010-3837](<https://security-tracker.debian.org/tracker/CVE-2010-3837>)\n\nIt was discovered that MySQL incorrectly handled using GROUP_CONCAT() and WITH ROLLUP together. An authenticated user could crash the server.\n\n * [CVE-2010-3838](<https://security-tracker.debian.org/tracker/CVE-2010-3838>)\n\nIt was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST() or LEAST() functions. An authenticated user could crash the server.\n\n * [CVE-2010-3840](<https://security-tracker.debian.org/tracker/CVE-2010-3840>)\n\nIt was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB() function. An authenticated user could crash the server.\n\nFor the stable distribution (lenny), these problems have been fixed in version 5.0.51a-24+lenny5.\n\nThe testing (squeeze) and unstable (sid) distribution do not contain mysql-dfsg-5.0 anymore.\n\nWe recommend that you upgrade your mysql-dfsg-5.0 packages.\n\nFurther information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: [https://www.debian.org/security/](<../../security/>)", "published": "2011-01-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2143", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3836", "CVE-2010-3677", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2016-09-02T18:24:43"}], "redhat": [{"id": "RHSA-2010:0825", "type": "redhat", "title": "(RHSA-2010:0825) 
Moderate: mysql security update", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nIt was found that the MySQL PolyFromWKB() function did not sanity check\nWell-Known Binary (WKB) data. A remote, authenticated attacker could use\nspecially-crafted WKB data to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3840)\n\nA flaw was found in the way MySQL processed certain JOIN queries. If a\nstored procedure contained JOIN queries, and that procedure was executed\ntwice in sequence, it could cause an infinite loop, leading to excessive\nCPU use (up to 100%). A remote, authenticated attacker could use this flaw\nto cause a denial of service. (CVE-2010-3839)\n\nA flaw was found in the way MySQL processed queries that provide a mixture\nof numeric and longblob data types to the LEAST or GREATEST function. A\nremote, authenticated attacker could use this flaw to crash mysqld. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3838)\n\nA flaw was found in the way MySQL processed PREPARE statements containing\nboth GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated\nattacker could use this flaw to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3837)\n\nIt was found that MySQL did not properly pre-evaluate LIKE arguments in\nview prepare mode. A remote, authenticated attacker could possibly use this\nflaw to crash mysqld. (CVE-2010-3836)\n\nA flaw was found in the way MySQL processed statements that assign a value\nto a user-defined variable and that also contain a logical value\nevaluation. A remote, authenticated attacker could use this flaw to crash\nmysqld. 
This issue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3835)\n\nA flaw was found in the way MySQL evaluated the arguments of extreme-value\nfunctions, such as LEAST and GREATEST. A remote, authenticated attacker\ncould use this flaw to crash mysqld. This issue only caused a temporary\ndenial of service, as mysqld was automatically restarted after the crash.\n(CVE-2010-3833)\n\nA flaw was found in the way MySQL processed EXPLAIN statements for some\ncomplex SELECT queries. A remote, authenticated attacker could use this\nflaw to crash mysqld. This issue only caused a temporary denial of service,\nas mysqld was automatically restarted after the crash. (CVE-2010-3682)\n\nA flaw was found in the way MySQL processed certain alternating READ\nrequests provided by HANDLER statements. A remote, authenticated attacker\ncould use this flaw to provide such requests, causing mysqld to crash. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3681)\n\nA flaw was found in the way MySQL processed CREATE TEMPORARY TABLE\nstatements that define NULL columns when using the InnoDB storage engine. A\nremote, authenticated attacker could use this flaw to crash mysqld. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3680)\n\nA flaw was found in the way MySQL processed JOIN queries that attempt to\nretrieve data from a unique SET column. A remote, authenticated attacker\ncould use this flaw to crash mysqld. This issue only caused a temporary\ndenial of service, as mysqld was automatically restarted after the crash.\n(CVE-2010-3677)\n\nAll MySQL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing this\nupdate, the MySQL server daemon (mysqld) will be restarted automatically.\n", "published": "2010-11-03T04:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0825", "cvelist": ["CVE-2010-3677", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3833", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840"], "lastseen": "2017-09-09T07:20:07"}, {"id": "RHSA-2011:0164", "type": "redhat", "title": "(RHSA-2011:0164) Moderate: mysql security update", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe MySQL PolyFromWKB() function did not sanity check Well-Known Binary\n(WKB) data, which could allow a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3840)\n\nA flaw in the way MySQL processed certain JOIN queries could allow a\nremote, authenticated attacker to cause excessive CPU use (up to 100%), if\na stored procedure contained JOIN queries, and that procedure was executed\ntwice in sequence. (CVE-2010-3839)\n\nA flaw in the way MySQL processed queries that provide a mixture of numeric\nand longblob data types to the LEAST or GREATEST function, could allow a\nremote, authenticated attacker to crash mysqld. (CVE-2010-3838)\n\nA flaw in the way MySQL processed PREPARE statements containing both\nGROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,\nauthenticated attacker to crash mysqld. 
(CVE-2010-3837)\n\nMySQL did not properly pre-evaluate LIKE arguments in view prepare mode,\npossibly allowing a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3836)\n\nA flaw in the way MySQL processed statements that assign a value to a\nuser-defined variable and that also contain a logical value evaluation\ncould allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3835)\n\nA flaw in the way MySQL evaluated the arguments of extreme-value functions,\nsuch as LEAST and GREATEST, could allow a remote, authenticated attacker to\ncrash mysqld. (CVE-2010-3833)\n\nA flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to\nsend OK packets even when there were errors. (CVE-2010-3683)\n\nA flaw in the way MySQL processed EXPLAIN statements for some complex\nSELECT queries could allow a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3682)\n\nA flaw in the way MySQL processed certain alternating READ requests\nprovided by HANDLER statements could allow a remote, authenticated attacker\nto crash mysqld. (CVE-2010-3681)\n\nA flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that\ndefine NULL columns when using the InnoDB storage engine, could allow a\nremote, authenticated attacker to crash mysqld. (CVE-2010-3680)\n\nA flaw in the way MySQL processed certain values provided to the BINLOG\nstatement caused MySQL to read unassigned memory. A remote, authenticated\nattacker could possibly use this flaw to crash mysqld. (CVE-2010-3679)\n\nA flaw in the way MySQL processed SQL queries containing IN or CASE\nstatements, when a NULL argument was provided as one of the arguments to\nthe query, could allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3678)\n\nA flaw in the way MySQL processed JOIN queries that attempt to retrieve\ndata from a unique SET column could allow a remote, authenticated attacker\nto crash mysqld. 
(CVE-2010-3677)\n\nNote: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,\nCVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678,\nand CVE-2010-3677 only cause a temporary denial of service, as mysqld was\nautomatically restarted after each crash.\n\nThese updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL\nrelease notes for a full list of changes:\n\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "published": "2011-01-18T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:0164", "cvelist": ["CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840"], "lastseen": "2017-12-25T20:04:51"}, {"id": "RHSA-2010:0824", "type": "redhat", "title": "(RHSA-2010:0824) Moderate: mysql security update", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nIt was found that the MySQL PolyFromWKB() function did not sanity check\nWell-Known Binary (WKB) data. A remote, authenticated attacker could use\nspecially-crafted WKB data to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3840)\n\nA flaw was found in the way MySQL processed certain alternating READ\nrequests provided by HANDLER statements. A remote, authenticated attacker\ncould use this flaw to provide such requests, causing mysqld to crash. 
This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3681)\n\nA directory traversal flaw was found in the way MySQL handled the\nparameters of the MySQL COM_FIELD_LIST network protocol command. A remote,\nauthenticated attacker could use this flaw to obtain descriptions of the\nfields of an arbitrary table using a request with a specially-crafted\ntable name. (CVE-2010-1848)\n\nAll MySQL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the MySQL server daemon (mysqld) will be restarted automatically.\n", "published": "2010-11-03T04:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0824", "cvelist": ["CVE-2010-1848", "CVE-2010-3681", "CVE-2010-3840"], "lastseen": "2017-09-09T07:19:35"}], "centos": [{"id": "CESA-2010:0825", "type": "centos", "title": "mysql security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0825\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nIt was found that the MySQL PolyFromWKB() function did not sanity check\nWell-Known Binary (WKB) data. A remote, authenticated attacker could use\nspecially-crafted WKB data to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3840)\n\nA flaw was found in the way MySQL processed certain JOIN queries. If a\nstored procedure contained JOIN queries, and that procedure was executed\ntwice in sequence, it could cause an infinite loop, leading to excessive\nCPU use (up to 100%). A remote, authenticated attacker could use this flaw\nto cause a denial of service. 
(CVE-2010-3839)\n\nA flaw was found in the way MySQL processed queries that provide a mixture\nof numeric and longblob data types to the LEAST or GREATEST function. A\nremote, authenticated attacker could use this flaw to crash mysqld. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3838)\n\nA flaw was found in the way MySQL processed PREPARE statements containing\nboth GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated\nattacker could use this flaw to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3837)\n\nIt was found that MySQL did not properly pre-evaluate LIKE arguments in\nview prepare mode. A remote, authenticated attacker could possibly use this\nflaw to crash mysqld. (CVE-2010-3836)\n\nA flaw was found in the way MySQL processed statements that assign a value\nto a user-defined variable and that also contain a logical value\nevaluation. A remote, authenticated attacker could use this flaw to crash\nmysqld. This issue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3835)\n\nA flaw was found in the way MySQL evaluated the arguments of extreme-value\nfunctions, such as LEAST and GREATEST. A remote, authenticated attacker\ncould use this flaw to crash mysqld. This issue only caused a temporary\ndenial of service, as mysqld was automatically restarted after the crash.\n(CVE-2010-3833)\n\nA flaw was found in the way MySQL processed EXPLAIN statements for some\ncomplex SELECT queries. A remote, authenticated attacker could use this\nflaw to crash mysqld. This issue only caused a temporary denial of service,\nas mysqld was automatically restarted after the crash. (CVE-2010-3682)\n\nA flaw was found in the way MySQL processed certain alternating READ\nrequests provided by HANDLER statements. 
A remote, authenticated attacker\ncould use this flaw to provide such requests, causing mysqld to crash. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3681)\n\nA flaw was found in the way MySQL processed CREATE TEMPORARY TABLE\nstatements that define NULL columns when using the InnoDB storage engine. A\nremote, authenticated attacker could use this flaw to crash mysqld. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3680)\n\nA flaw was found in the way MySQL processed JOIN queries that attempt to\nretrieve data from a unique SET column. A remote, authenticated attacker\ncould use this flaw to crash mysqld. This issue only caused a temporary\ndenial of service, as mysqld was automatically restarted after the crash.\n(CVE-2010-3677)\n\nAll MySQL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing this\nupdate, the MySQL server daemon (mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017144.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017145.html\n\n**Affected packages:**\nmysql\nmysql-bench\nmysql-devel\nmysql-server\nmysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0825.html", "published": "2010-11-05T10:26:35", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-November/017144.html", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3836", "CVE-2010-3677", "CVE-2010-3838"], "lastseen": "2017-10-03T18:24:36"}, {"id": "CESA-2010:0824", "type": "centos", "title": "mysql security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0824\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nIt was found that the MySQL PolyFromWKB() function did not sanity check\nWell-Known Binary (WKB) data. A remote, authenticated attacker could use\nspecially-crafted WKB data to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3840)\n\nA flaw was found in the way MySQL processed certain alternating READ\nrequests provided by HANDLER statements. A remote, authenticated attacker\ncould use this flaw to provide such requests, causing mysqld to crash. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. 
(CVE-2010-3681)\n\nA directory traversal flaw was found in the way MySQL handled the\nparameters of the MySQL COM_FIELD_LIST network protocol command. A remote,\nauthenticated attacker could use this flaw to obtain descriptions of the\nfields of an arbitrary table using a request with a specially-crafted\ntable name. (CVE-2010-1848)\n\nAll MySQL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the MySQL server daemon (mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017142.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017143.html\n\n**Affected packages:**\nmysql\nmysql-bench\nmysql-devel\nmysql-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0824.html", "published": "2010-11-05T10:22:54", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-November/017142.html", "cvelist": ["CVE-2010-3681", "CVE-2010-3840", "CVE-2010-1848"], "lastseen": "2017-10-03T18:26:53"}], "ubuntu": [{"id": "USN-1017-1", "type": "ubuntu", "title": "MySQL vulnerabilities", "description": "It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)\n\nIt was discovered that MySQL incorrectly handled joins involving a table with a unique SET column. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677)\n\nIt was discovered that MySQL incorrectly handled NULL arguments to IN() or CASE operations. 
An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3678)\n\nIt was discovered that MySQL incorrectly handled malformed arguments to the BINLOG statement. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3679)\n\nIt was discovered that MySQL incorrectly handled the use of TEMPORARY InnoDB tables with nullable columns. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3680)\n\nIt was discovered that MySQL incorrectly handled alternate reads from two indexes on a table using the HANDLER interface. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3681)\n\nIt was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3682)\n\nIt was discovered that MySQL incorrectly handled error reporting when using LOAD DATA INFILE and would incorrectly raise an assert in certain circumstances. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3683)\n\nIt was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. 
(CVE-2010-3833)\n\nIt was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3834)\n\nIt was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3835)\n\nIt was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3836)\n\nIt was discovered that MySQL incorrectly handled using GROUP_CONCAT() and WITH ROLLUP together. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3837)\n\nIt was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST() or LEAST() functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3838)\n\nIt was discovered that MySQL incorrectly handled queries with nested joins when used from stored procedures and prepared statements. An authenticated user could exploit this to make MySQL hang, causing a denial of service. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2010-3839)\n\nIt was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB() function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. 
(CVE-2010-3840)", "published": "2010-11-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1017-1/", "cvelist": ["CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3678", "CVE-2010-3839", "CVE-2010-3835", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-3682", "CVE-2010-3679", "CVE-2010-2008", "CVE-2010-3836", "CVE-2010-3683", "CVE-2010-3677", "CVE-2010-3834", "CVE-2010-3838"], "lastseen": "2018-03-29T18:20:20"}, {"id": "USN-1397-1", "type": "ubuntu", "title": "MySQL vulnerabilities", "description": "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\n\n<http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html> <http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html> <http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html>", "published": "2012-03-12T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1397-1/", "cvelist": ["CVE-2012-0075", "CVE-2012-0489", "CVE-2009-2446", "CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3678", "CVE-2008-4456", "CVE-2010-3839", "CVE-2009-4030", "CVE-2010-3835", "CVE-2012-0112", "CVE-2010-3681", "CVE-2010-3833", "CVE-2012-0491", "CVE-2012-0496", "CVE-2012-0113", "CVE-2007-5925", "CVE-2010-3840", "CVE-2012-0484", "CVE-2012-0494", "CVE-2012-0115", "CVE-2010-1621", "CVE-2010-3682", "CVE-2010-3679", "CVE-2010-1626", "CVE-2008-4098", "CVE-2010-2008", "CVE-2012-0101", "CVE-2010-3836", "CVE-2012-0488", "CVE-2010-3683", "CVE-2010-3677", "CVE-2008-3963", 
"CVE-2012-0493", "CVE-2010-1850", "CVE-2012-0114", "CVE-2010-3834", "CVE-2012-0495", "CVE-2010-3838", "CVE-2012-0119", "CVE-2012-0492", "CVE-2012-0116", "CVE-2012-0485", "CVE-2010-1848", "CVE-2008-7247", "CVE-2012-0117", "CVE-2012-0487", "CVE-2012-0087", "CVE-2012-0490", "CVE-2010-1849", "CVE-2012-0120", "CVE-2009-4019", "CVE-2011-2262", "CVE-2012-0118", "CVE-2009-4484", "CVE-2012-0102", "CVE-2012-0486"], "lastseen": "2018-03-29T18:20:17"}], "gentoo": [{"id": "GLSA-201201-02", "type": "gentoo", "title": "MySQL: Multiple vulnerabilities", "description": "### Background\n\nMySQL is a popular open-source multi-threaded, multi-user SQL database server. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the MySQL process, cause a Denial of Service condition, bypass security restrictions, uninstall arbitrary MySQL plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.1.56\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 14, 2011. 
It is likely that your system is already no longer affected by this issue.", "published": "2012-01-05T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201201-02", "cvelist": ["CVE-2009-2446", "CVE-2010-3837", "CVE-2010-3680", "CVE-2010-3678", "CVE-2008-4456", "CVE-2010-3839", "CVE-2010-3835", "CVE-2008-4097", "CVE-2010-3681", "CVE-2010-3833", "CVE-2010-3840", "CVE-2010-1621", "CVE-2009-4028", "CVE-2010-3682", "CVE-2010-3679", "CVE-2010-1626", "CVE-2008-4098", "CVE-2010-2008", "CVE-2010-3676", "CVE-2010-3836", "CVE-2010-3683", "CVE-2010-3677", "CVE-2008-3963", "CVE-2010-1850", "CVE-2010-3834", "CVE-2010-3838", "CVE-2010-1848", "CVE-2008-7247", "CVE-2010-1849", "CVE-2009-4019", "CVE-2009-4484"], "lastseen": "2016-09-06T19:47:06"}], "exploitdb": [{"id": "EDB-ID:34505", "type": "exploitdb", "title": "MySQL <= 5.1.48 - 'TEMPORARY InnoDB' Tables Denial Of Service Vulnerability", "description": "MySQL 5.1.48 'TEMPORARY InnoDB' Tables Denial Of Service Vulnerability. CVE-2010-3680. Dos exploit for php platform", "published": "2010-08-19T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/34505/", "cvelist": ["CVE-2010-3680"], "lastseen": "2016-02-03T23:22:38"}, {"id": "EDB-ID:15467", "type": "exploitdb", "title": "Oracle MySQL < 5.1.49 - 'WITH ROLLUP' Denial of Service Vulnerability", "description": "Oracle MySQL < 5.1.49 - 'WITH ROLLUP' Denial of Service Vulnerability. CVE-2010-3678. 
Dos exploits for multiple platform", "published": "2010-11-09T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/15467/", "cvelist": ["CVE-2010-3678"], "lastseen": "2016-02-01T21:54:11"}, {"id": "EDB-ID:34520", "type": "exploitdb", "title": "Oracle MySQL <= 5.1.48 - 'HANDLER' interface Denial Of Service Vulnerability", "description": "Oracle MySQL 5.1.48 'HANDLER' interface Denial Of Service Vulnerability. CVE-2010-3681. Dos exploit for linux platform", "published": "2010-08-20T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/34520/", "cvelist": ["CVE-2010-3681"], "lastseen": "2016-02-03T23:24:53"}, {"id": "EDB-ID:34506", "type": "exploitdb", "title": "MySQL <= 5.1.48 - 'EXPLAIN' Denial Of Service Vulnerability", "description": "MySQL 5.1.48 'EXPLAIN' Denial Of Service Vulnerability. CVE-2010-3682. Dos exploit for linux platform", "published": "2010-08-20T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/34506/", "cvelist": ["CVE-2010-3682"], "lastseen": "2016-02-03T23:22:50"}, {"id": "EDB-ID:34521", "type": "exploitdb", "title": "Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial Of Service Vulnerability", "description": "Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability. CVE-2010-3679. 
Dos exploit for linux platform", "published": "2010-08-20T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/34521/", "cvelist": ["CVE-2010-3679"], "lastseen": "2016-02-03T23:25:03"}, {"id": "EDB-ID:34510", "type": "exploitdb", "title": "OraclMySQL <= 5.1.48 - 'LOAD DATA INFILE' Denial Of Service Vulnerability", "description": "OraclMySQL 5.1.48 'LOAD DATA INFILE' Denial Of Service Vulnerability. CVE-2010-3683 . Dos exploit for linux platform", "published": "2010-08-20T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/34510/", "cvelist": ["CVE-2010-3683"], "lastseen": "2016-02-03T23:23:32"}]}}