OSV:DSA-1783-1
Apr 29, 2009 - 12:00 a.m.

mysql-dfsg-5.0 - several vulnerabilities

2009-04-29 00:00:00
Google
osv.dev

CVSS2: 4 Medium (AV:N/AC:L/Au:S/C:N/I:N/A:P)

  Access Vector:          NETWORK
  Access Complexity:      LOW
  Authentication:         SINGLE
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    PARTIAL

EPSS: 0.046 Low (Percentile: 91.3%)

Multiple vulnerabilities have been identified affecting MySQL, a
relational database server, and its associated interactive client
application. The Common Vulnerabilities and Exposures project
identifies the following two problems:

  • CVE-2008-3963
    Kay Roepke reported that the MySQL server would not properly handle
    an empty bit-string literal in an SQL statement, allowing an
    authenticated remote attacker to cause a denial of service (a crash)
    in mysqld. This issue affects the oldstable distribution (etch), but
    not the stable distribution (lenny).
  • CVE-2008-4456
    Thomas Henlich reported that the MySQL command-line client application
    did not encode HTML special characters when run in HTML output mode
    (that is, “mysql --html …”). This could potentially lead to
    cross-site scripting or unintended script privilege escalation if
    the resulting output is viewed in a browser or incorporated into
    a web site.
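
The missing step in CVE-2008-4456 is entity-encoding each result value before it is written between table-cell tags. The following is an added example, not code from MySQL or from the Debian patch; the function names html_escape and render_cell, the set of four encoded characters, and the sample cell value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not MySQL's code: copy `in` to `out`, replacing HTML
 * special characters with entities. Returns bytes written (without the NUL)
 * or -1 if `out` is too small, so no partial entity is ever emitted. */
static long html_escape(const char *in, char *out, size_t cap)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '&': rep = "&amp;";  break;
        case '<': rep = "&lt;";   break;
        case '>': rep = "&gt;";   break;
        case '"': rep = "&quot;"; break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= cap) return -1;    /* keep room for the terminator */
        if (rep) memcpy(out + o, rep, n);
        else     out[o] = *in;
        o += n;
    }
    out[o] = '\0';
    return (long)o;
}

/* Render one result cell as <TD>value</TD>, the shape of HTML-mode output. */
static long render_cell(const char *val, char *out, size_t cap)
{
    if (cap < 10) return -1;            /* "<TD>" + "</TD>" + NUL */
    memcpy(out, "<TD>", 4);
    long n = html_escape(val, out + 4, cap - 9);
    if (n < 0) return -1;
    memcpy(out + 4 + n, "</TD>", 6);    /* copies the NUL too */
    return n + 9;
}

int main(void)
{
    char buf[128];
    /* Constructed sample cell value containing markup characters. */
    if (render_cell("<b>x</b> & \"y\"", buf, sizeof buf) > 0)
        puts(buf);
    return 0;
}
```

Stored data that reaches a browser through any report generator needs the same treatment at the point of output, regardless of how it was validated on input.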

For the old stable distribution (etch), these problems have been fixed in
version 5.0.32-7etch10.

For the stable distribution (lenny), these problems have been fixed in
version 5.0.51a-24+lenny1.

We recommend that you upgrade your mysql-dfsg-5.0 packages.
