Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310801573
HistoryJan 21, 2011 - 12:00 a.m.

MySQL 'Gis_line_string::init_from_wkb()' DOS Vulnerability

2011-01-2100:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
8

6.1 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

MySQL is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mysql:mysql";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801573");
  script_version("2024-03-04T14:37:58+0000");
  script_tag(name:"last_modification", value:"2024-03-04 14:37:58 +0000 (Mon, 04 Mar 2024)");
  script_tag(name:"creation_date", value:"2011-01-21 14:38:54 +0100 (Fri, 21 Jan 2011)");
  script_cve_id("CVE-2010-3840");
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_name("MySQL 'Gis_line_string::init_from_wkb()' DOS Vulnerability");
  script_xref(name:"URL", value:"http://secunia.com/advisories/42875");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/43676");
  script_xref(name:"URL", value:"http://bugs.mysql.com/bug.php?id=54568");
  script_xref(name:"URL", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("Databases");
  script_dependencies("mysql_version.nasl");
  script_mandatory_keys("MySQL/installed");

  script_tag(name:"impact", value:"Successful exploitation could allow users to cause a denial of service and
  to execute arbitrary code.");

  script_tag(name:"affected", value:"MySQL version 5.1 before 5.1.51.");

  script_tag(name:"insight", value:"The flaw is due to an error in 'Gis_line_string::init_from_wkb()'
  function in 'sql/spatial.cc', allows remote authenticated users to cause a
  denial of service by calling the PolyFromWKB function with WKB data
  containing a crafted number of line strings or line points.");

  script_tag(name:"solution", value:"Upgrade to MySQL version 5.1.51.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"summary", value:"MySQL is prone to a denial of service (DoS) vulnerability.");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!port = get_app_port(cpe:CPE))
  exit(0);

if(!vers = get_app_version(cpe:CPE, port:port))
  exit(0);

if(version_in_range(version:vers, test_version:"5.1", test_version2:"5.1.50")) {
  report = report_fixed_ver(installed_version:vers, vulnerable_range:"5.1 - 5.1.50");
  security_message(port:port, data:report);
  exit(0);
}

exit(99);

Related

veracode 1
prion 1
nvd 1
cvelist 1
cve 1
ubuntucve 1
oraclelinux 3
openvas 22
nessus 26
redhat 3
centos 2
debian 2
osv 1
ubuntu 2
securityvulns 2
gentoo 1
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:49:30
prion
prion
Code injection
2011-01-14 19:02:00
nvd
nvd
CVE-2010-3840
2011-01-14 19:02:44
cvelist
cvelist
CVE-2010-3840
2011-01-14 18:00:00
cve
cve
CVE-2010-3840
2011-01-14 19:02:44
ubuntucve
ubuntucve
CVE-2010-3840
2010-11-05 00:00:00
oraclelinux
oraclelinux
mysql security update
2010-11-03 00:00:00
mysql security update
2010-11-03 00:00:00
mysql security update
2011-02-10 00:00:00
openvas
openvas
CentOS Update for mysql CESA-2010:0824 centos4 i386
2010-11-16 00:00:00
RedHat Update for mysql RHSA-2010:0824-01
2010-11-16 00:00:00
RedHat Update for mysql RHSA-2010:0824-01
2010-11-16 00:00:00
nessus
nessus
CentOS 4 : mysql (CESA-2010:0824)
2010-11-24 00:00:00
Scientific Linux Security Update : mysql on SL4.x i386/x86_64
2012-08-01 00:00:00
RHEL 4 : mysql (RHSA-2010:0824)
2010-11-04 00:00:00
redhat
redhat
(RHSA-2010:0824) Moderate: mysql security update
2010-11-03 00:00:00
(RHSA-2010:0825) Moderate: mysql security update
2010-11-03 00:00:00
(RHSA-2011:0164) Moderate: mysql security update
2011-01-18 00:00:00
centos
centos
mysql security update
2010-11-05 14:22:54
mysql security update
2010-11-05 14:26:35
debian
debian
[SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
2011-01-14 09:07:22
[SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
2011-01-14 09:07:22
osv
osv
mysql-dfsg-5.0 - several vulnerabilities
2011-01-14 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2010-11-11 00:00:00
MySQL vulnerabilities
2012-03-12 00:00:00
securityvulns
securityvulns
MySQL multiple security vulnerabilities
2010-11-15 00:00:00
[USN-1017-1] MySQL vulnerabilities
2010-11-15 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2012-01-05 00:00:00

6.1 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON
Related for OPENVAS:1361412562310801573
veracode1prion1nvd1cvelist1cve1ubuntucve1oraclelinux3openvas22nessus26redhat3centos2debian2osv1ubuntu2securityvulns2gentoo1