4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
mysql is vulnerable to denial of service. A flaw was found in the way MySQL handled SELECT statements with subqueries in the WHERE clause, that assigned results to a user variable. A remote, authenticated attacker could use this flaw to crash the MySQL server daemon (mysqld). This issue only caused a temporary denial of service, as the MySQL daemon was automatically restarted after the crash.
CPE | Name | Operator | Version |
---|---|---|---|
mysql | eq | 5.0.22__2.2.el5_1.1 | |
mysql | eq | 5.0.45__7.el5 | |
mysql | eq | 5.0.77__3.el5 | |
mysql | eq | 5.0.22__2.2.el5_1.1 | |
mysql | eq | 5.0.45__7.el5 | |
mysql | eq | 5.0.77__3.el5 |
bugs.mysql.com/47780
bugs.mysql.com/48291
dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
dev.mysql.com/doc/refman/5.0/en/symbolic-links-to-tables.html
dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
marc.info/?l=oss-security&m=125881733826437&w=2
marc.info/?l=oss-security&m=125883754215621&w=2
marc.info/?l=oss-security&m=125901161824278&w=2
secunia.com/advisories/37717
secunia.com/advisories/38517
secunia.com/advisories/38573
support.apple.com/kb/HT4077
ubuntu.com/usn/usn-897-1
www.debian.org/security/2010/dsa-1997
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0109.html
www.ubuntu.com/usn/USN-1397-1
www.vupen.com/english/advisories/2010/1107
access.redhat.com/errata/RHSA-2010:0109
bugzilla.redhat.com/show_bug.cgi?id=540906
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500
www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html