MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
SecurityTracker Alert ID: 1024507
SecurityTracker URL: http://securitytracker.com/id/1024507
CVE Reference: CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840
Updated: Nov 3 2010
Original Entry Date: Oct 5 2010
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 5.1.51

Description:
Multiple vulnerabilities were reported in MySQL. A remote authenticated user can cause denial of service conditions.
A remote authenticated user can send specially crafted data to cause the target service to crash.
Errors in the evaluation of arguments to extreme-value functions (e.g., LEAST(), GREATEST()) can trigger a crash.
A derived table that requires a temporary table for grouping can trigger a crash.
When a user-variable assignment expression is used in certain situations, a crash may occur.
Pre-evaluation of LIKE predicates during view preparation can trigger a crash.
Using GROUP_CONCAT() together with WITH ROLLUP can trigger a crash.
A request that calls the GREATEST() or LEAST() function with a mixed list of numeric and LONGBLOB arguments can trigger a crash when the result of that function is processed using an intermediate temporary table.
Queries with nested joins from stored procedures and prepared statements can cause the system to enter an infinite loop.
Specially crafted WKB data can cause the PolyFromWKB() function to crash.

Impact:
A remote authenticated user can cause the target service to crash or enter an infinite loop.
Solution:
The vendor has issued a fix (5.1.51).
The vendor's advisory is available at:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
Vendor URL: www.mysql.com/
Cause: Access control error, State error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Mon, 04 Oct 2010 21:14:37 +0000
Subject: MySQL

Security Fix: During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash. (Bug#55826)

Security Fix: The server could crash after materializing a derived table that required a temporary table for grouping. (Bug#55568)

Security Fix: A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted. (Bug#55564)

Security Fix: Pre-evaluation of LIKE predicates during view preparation could cause a server crash. (Bug#54568)

Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a server crash. (Bug#54476)

Security Fix: Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table. (Bug#54461)

Security Fix: Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements. (Bug#53544)