Denial of Service : MySQL Mysqld Multiple Denial Of Service Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801567

Categoría: Denial of Service

Título: MySQL Mysqld Multiple Denial Of Service Vulnerabilities

Resumen: MySQL is prone to multiple denial of service vulnerabilities.

Descripción: Summary:
MySQL is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- An error in handling of a join query that uses a table with a unique
SET column.

- An error in handling of 'EXPLAIN' with crafted
'SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)' statements.

Vulnerability Impact:
Successful exploitation could allow users to cause a Denial of Service
condution.

Affected Software/OS:
MySQL version 5.1 before 5.1.49 and 5.0 before 5.0.92 on all running platform.

Solution:
Upgrade to MySQL version 5.1.49 or 5.0.92

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3677
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
BugTraq ID: 42646
http://www.securityfocus.com/bid/42646
Debian Security Information: DSA-2143 (Google Search)
http://www.debian.org/security/2011/dsa-2143
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
http://bugs.mysql.com/bug.php?id=54575
http://www.openwall.com/lists/oss-security/2010/09/28/10
http://www.redhat.com/support/errata/RHSA-2010-0825.html
http://www.redhat.com/support/errata/RHSA-2011-0164.html
http://secunia.com/advisories/42875
http://secunia.com/advisories/42936
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
TurboLinux Advisory: TLSA-2011-3
http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
http://www.ubuntu.com/usn/USN-1017-1
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2011/0105
http://www.vupen.com/english/advisories/2011/0133
http://www.vupen.com/english/advisories/2011/0170
http://www.vupen.com/english/advisories/2011/0345
XForce ISS Database: mysql-setcolumn-dos(64688)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64688
Common Vulnerability Exposure (CVE) ID: CVE-2010-3682
BugTraq ID: 42599
http://www.securityfocus.com/bid/42599
XForce ISS Database: mysql-itemsinglerowsubselect-dos(64684)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64684

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801567
Categoría:	Denial of Service
Título:	MySQL Mysqld Multiple Denial Of Service Vulnerabilities
Resumen:	MySQL is prone to multiple denial of service vulnerabilities.
Descripción:	Summary: MySQL is prone to multiple denial of service vulnerabilities. Vulnerability Insight: The flaws are due to: - An error in handling of a join query that uses a table with a unique SET column. - An error in handling of 'EXPLAIN' with crafted 'SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)' statements. Vulnerability Impact: Successful exploitation could allow users to cause a Denial of Service condution. Affected Software/OS: MySQL version 5.1 before 5.1.49 and 5.0 before 5.0.92 on all running platform. Solution: Upgrade to MySQL version 5.1.49 or 5.0.92 CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3677 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html BugTraq ID: 42646 http://www.securityfocus.com/bid/42646 Debian Security Information: DSA-2143 (Google Search) http://www.debian.org/security/2011/dsa-2143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://bugs.mysql.com/bug.php?id=54575 http://www.openwall.com/lists/oss-security/2010/09/28/10 http://www.redhat.com/support/errata/RHSA-2010-0825.html http://www.redhat.com/support/errata/RHSA-2011-0164.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html TurboLinux Advisory: TLSA-2011-3 http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt http://www.ubuntu.com/usn/USN-1017-1 http://www.ubuntu.com/usn/USN-1397-1 http://www.vupen.com/english/advisories/2011/0105 http://www.vupen.com/english/advisories/2011/0133 http://www.vupen.com/english/advisories/2011/0170 http://www.vupen.com/english/advisories/2011/0345 XForce ISS Database: mysql-setcolumn-dos(64688) https://exchange.xforce.ibmcloud.com/vulnerabilities/64688 Common Vulnerability Exposure (CVE) ID: CVE-2010-3682 BugTraq ID: 42599 http://www.securityfocus.com/bid/42599 XForce ISS Database: mysql-itemsinglerowsubselect-dos(64684) https://exchange.xforce.ibmcloud.com/vulnerabilities/64684
Copyright	Copyright (C) 2011 Greenbone AG