Test ID:	1.3.6.1.4.1.25623.1.0.801566
Category:	Denial of Service
Title:	MySQL Multiple Denial Of Service Vulnerabilities
Summary:	MySQL is prone to multiple denial of service vulnerabilities.
Description:	Summary: MySQL is prone to multiple denial of service vulnerabilities. Vulnerability Insight: The flaws are due to: - An error in 'storage/innobase/dict/dict0crea.c' in 'mysqld' allows remote authenticated users to cause a denial of service by modifying the innodb_file_format or innodb_file_per_table configuration parameters for the InnoDB storage engine. - An error in handling of 'IN' or 'CASE' operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. - An error in handling of certain arguments to the BINLOG command, which triggers an access of uninitialized memory. - An error in creating temporary tables while using InnoDB, which triggers an assertion failure. Vulnerability Impact: Successful exploitation could allow users to cause a Denial of Service. Affected Software/OS: MySQL version 5.1 before 5.1.49 on all running platforms. Solution: Upgrade to MySQL version 5.1.49. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3676 BugTraq ID: 42643 http://www.securityfocus.com/bid/42643 http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://www.openwall.com/lists/oss-security/2010/09/28/10 http://www.vupen.com/english/advisories/2011/0133 XForce ISS Database: mysql-dictocrea-dos(64689) https://exchange.xforce.ibmcloud.com/vulnerabilities/64689 Common Vulnerability Exposure (CVE) ID: CVE-2010-3679 BugTraq ID: 42638 http://www.securityfocus.com/bid/42638 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.redhat.com/support/errata/RHSA-2011-0164.html http://secunia.com/advisories/42936 http://www.ubuntu.com/usn/USN-1017-1 http://www.ubuntu.com/usn/USN-1397-1 http://www.vupen.com/english/advisories/2011/0170 XForce ISS Database: mysql-binlog-command-dos(64687) https://exchange.xforce.ibmcloud.com/vulnerabilities/64687 Common Vulnerability Exposure (CVE) ID: CVE-2010-3678 BugTraq ID: 42596 http://www.securityfocus.com/bid/42596 SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2010-3680 BugTraq ID: 42598 http://www.securityfocus.com/bid/42598 Debian Security Information: DSA-2143 (Google Search) http://www.debian.org/security/2011/dsa-2143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://www.redhat.com/support/errata/RHSA-2010-0825.html http://secunia.com/advisories/42875 TurboLinux Advisory: TLSA-2011-3 http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt http://www.vupen.com/english/advisories/2011/0105 http://www.vupen.com/english/advisories/2011/0345 XForce ISS Database: mysql-innodb-dos(64686) https://exchange.xforce.ibmcloud.com/vulnerabilities/64686
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.