Executive Summary
Summary | |
---|---|
Title | mysql security update |
Information | |||
---|---|---|---|
Name | RHSA-2011:0164 | First vendor Publication | 2011-01-18 |
Vendor | RedHat | Last vendor Modification | 2011-01-18 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

The MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data, which could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3840)

A flaw in the way MySQL processed certain JOIN queries could allow a remote, authenticated attacker to cause excessive CPU use (up to 100%), if a stored procedure contained JOIN queries, and that procedure was executed twice in sequence. (CVE-2010-3839)

A flaw in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3838)

A flaw in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3837)

MySQL did not properly pre-evaluate LIKE arguments in view prepare mode, possibly allowing a remote, authenticated attacker to crash mysqld. (CVE-2010-3836)

A flaw in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3835)

A flaw in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3833)

A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors. (CVE-2010-3683)

A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3682)

A flaw in the way MySQL processed certain alternating READ requests provided by HANDLER statements could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3681)

A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3680)

A flaw in the way MySQL processed certain values provided to the BINLOG statement caused MySQL to read unassigned memory. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679)

A flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3678)

A flaw in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3677)

Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835, CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of service, as mysqld was automatically restarted after each crash.

These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

628040 - CVE-2010-3677 MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575)
628062 - CVE-2010-3679 MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)
628172 - CVE-2010-3678 MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477)
628192 - CVE-2010-3680 MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044)
628328 - CVE-2010-3682 MySQL: mysqld DoS (crash) by processing EXPLAIN statements for complex SQL queries (MySQL bug #52711)
628680 - CVE-2010-3681 MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007)
628698 - CVE-2010-3683 MySQL: mysqld DoS (assertion failure) while reading the file back into a table (MySQL bug #52512)
640751 - CVE-2010-3833 MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826)
640819 - CVE-2010-3835 MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)
640845 - CVE-2010-3836 MySQL: pre-evaluating LIKE arguments in view prepare mode causes crash (MySQL Bug#54568)
640856 - CVE-2010-3837 MySQL: crash when group_concat and "with rollup" in prepared statements (MySQL Bug#54476)
640858 - CVE-2010-3838 MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461)
640861 - CVE-2010-3839 MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544)
640865 - CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0164.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
86 % | CWE-399 | Resource Management Errors |
14 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12161 | |||
Oval ID: | oval:org.mitre.oval:def:12161 | ||
Title: | DSA-2143-1 mysql-dfsg-5.0 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3677 It was discovered that MySQL allows remote authenticated users to cause a denial of service via a join query that uses a table with a unique SET column. CVE-2010-3680 It was discovered that MySQL allows remote authenticated users to cause a denial of service by creating temporary tables while using InnoDB, which triggers an assertion failure. CVE-2010-3681 It was discovered that MySQL allows remote authenticated users to cause a denial of service by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. CVE-2010-3682 It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could crash the server. CVE-2010-3833 It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could crash the server. CVE-2010-3834 It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could crash the server. CVE-2010-3835 It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could crash the server. CVE-2010-3836 It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could crash the server. CVE-2010-3837 It was discovered that MySQL incorrectly handled using GROUP_CONCAT and WITH ROLLUP together. An authenticated user could crash the server. CVE-2010-3838 It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST or LEAST functions. 
An authenticated user could crash the server. CVE-2010-3840 It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB function. An authenticated user could crash the server. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2143-1 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3840 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | mysql-dfsg-5.0 |
Definition Id: oval:org.mitre.oval:def:13602 | |||
Oval ID: | oval:org.mitre.oval:def:13602 | ||
Title: | USN-1017-1 -- mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities | ||
Description: | It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled joins involving a table with a unique SET column. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled NULL arguments to IN or CASE operations. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled malformed arguments to the BINLOG statement. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled the use of TEMPORARY InnoDB tables with nullable columns. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled alternate reads from two indexes on a table using the HANDLER interface. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled error reporting when using LOAD DATA INFILE and would incorrectly raise an assert in certain circumstances. 
An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled using GROUP_CONCAT and WITH ROLLUP together. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST or LEAST functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled queries with nested joins when used from stored procedures and prepared statements. An authenticated user could exploit this to make MySQL hang, causing a denial of service. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB function. 
An authenticated user could exploit this to make MySQL crash, causing a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1017-1 CVE-2010-2008 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 | Product(s): | mysql-5.1 mysql-dfsg-5.0 mysql-dfsg-5.1 |
Definition Id: oval:org.mitre.oval:def:22337 | |||
Oval ID: | oval:org.mitre.oval:def:22337 | ||
Title: | RHSA-2010:0825: mysql security update (Moderate) | ||
Description: | The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0825-01 CESA-2010:0825 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 146 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
Definition Id: oval:org.mitre.oval:def:23210 | |||
Oval ID: | oval:org.mitre.oval:def:23210 | ||
Title: | ELSA-2010:0825: mysql security update (Moderate) | ||
Description: | The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0825-01 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 49 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Id: oval:org.mitre.oval:def:27723 | |||
Oval ID: | oval:org.mitre.oval:def:27723 | ||
Title: | DEPRECATED: ELSA-2010-0825 -- mysql security update (moderate) | ||
Description: | [5.0.77-4.4] - Add fixes for CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3833, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840 Resolves: #645642 - Backpatch strmov fix so that code can be tested on more recent platforms | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0825 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Id: oval:org.mitre.oval:def:28197 | |||
Oval ID: | oval:org.mitre.oval:def:28197 | ||
Title: | DEPRECATED: ELSA-2011-0164 -- mysql security update (moderate) | ||
Description: | [5.1.52-1.1] - Update to MySQL 5.1.52, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html including numerous small security issues Resolves: #652553 - Sync with current Fedora package; this includes: - Duplicate COPYING and EXCEPTIONS-CLIENT in -libs and -embedded subpackages, to ensure they are available when any subset of mysql RPMs are installed, per revised packaging guidelines - Allow init script's STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0164 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | mysql |
OpenVAS Exploits
Date | Description |
---|---|
2012-06-05 | Name : RedHat Update for mysql RHSA-2011:0164-01 File : nvt/gb_RHSA-2011_0164-01_mysql.nasl |
2012-03-16 | Name : Ubuntu Update for mysql-5.1 USN-1397-1 File : nvt/gb_ubuntu_USN_1397_1.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-02 (MySQL) File : nvt/glsa_201201_02.nasl |
2011-08-19 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl |
2011-01-21 | Name : MySQL Multiple Denial of Service Vulnerabilities File : nvt/gb_mysql_mult_dos_vuln_jan11.nasl |
2011-01-21 | Name : Mandriva Update for mysql MDVSA-2011:012 (mysql) File : nvt/gb_mandriva_MDVSA_2011_012.nasl |
2011-01-21 | Name : MySQL Denial of Service (infinite loop) Vulnerabilities File : nvt/gb_mysql_infinite_loop_dos_vuln.nasl |
2011-01-21 | Name : MySQL 'Gis_line_string::init_from_wkb()' DOS Vulnerability File : nvt/gb_mysql_gis_line_string_dos_vuln.nasl |
2011-01-18 | Name : MySQL Mysqld Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_mysqld_mult_dos_vuln.nasl |
2011-01-18 | Name : MySQL Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_mult_dos_vuln.nasl |
2011-01-18 | Name : MySQL Handler Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_handler_mult_dos_vuln.nasl |
2010-12-02 | Name : Fedora Update for mysql FEDORA-2010-15147 File : nvt/gb_fedora_2010_15147_mysql_fc14.nasl |
2010-11-16 | Name : RedHat Update for mysql RHSA-2010:0824-01 File : nvt/gb_RHSA-2010_0824-01_mysql.nasl |
2010-11-16 | Name : Ubuntu Update for MySQL vulnerabilities USN-1017-1 File : nvt/gb_ubuntu_USN_1017_1.nasl |
2010-11-16 | Name : Mandriva Update for mysql MDVSA-2010:223 (mysql) File : nvt/gb_mandriva_MDVSA_2010_223.nasl |
2010-11-16 | Name : Mandriva Update for mysql MDVSA-2010:222 (mysql) File : nvt/gb_mandriva_MDVSA_2010_222.nasl |
2010-11-16 | Name : Mandriva Update for mysql MDVSA-2010:155-1 (mysql) File : nvt/gb_mandriva_MDVSA_2010_155_1.nasl |
2010-11-16 | Name : RedHat Update for mysql RHSA-2010:0825-01 File : nvt/gb_RHSA-2010_0825-01_mysql.nasl |
2010-11-16 | Name : CentOS Update for mysql CESA-2010:0824 centos4 i386 File : nvt/gb_CESA-2010_0824_mysql_centos4_i386.nasl |
2010-11-10 | Name : Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_43676.nasl |
2010-10-19 | Name : Fedora Update for mysql FEDORA-2010-15166 File : nvt/gb_fedora_2010_15166_mysql_fc13.nasl |
2010-09-07 | Name : Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_5_1_49.nasl |
2010-08-30 | Name : Oracle MySQL 'TEMPORARY InnoDB' Tables Denial Of Service Vulnerability File : nvt/gb_mysql_42598.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69394 | MySQL Temporary Table Expression Re-Evaluation DoS |
69393 | MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS |
69392 | MySQL Extreme-Value Functions Mixed Arguments DoS |
69391 | MySQL Stored Procedures / Prepared Statements Nested Joins DoS |
69390 | MySQL Extreme-Value Functions Argument Parsing Type Error DoS |
69387 | MySQL LIKE Predicates Pre-Evaluation DoS |
69001 | MySQL PolyFromWKB() Function WKB Data Remote DoS MySQL contains a flaw that may allow a remote denial of service. The issue is triggered when an error in the 'PolyFromWKB()' function is exploited through the use of specially crafted WKB data, resulting in a denial of service. |
69000 | MySQL HANDLER Interface Unspecified READ Request DoS MySQL contains a flaw that may allow a remote denial of service. The issue is triggered when MySQL fails to properly process certain alternating READ requests provided by HANDLER statements. This may allow a remote, authenticated user to cause a loss of availability. |
67384 | MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS |
67383 | MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Derefer... |
67381 | MySQL InnoDB Temporary Table Handling DoS |
67380 | MySQL BINLOG Statement Unspecified Argument DoS |
67379 | MySQL Multiple Operation NULL Argument Handling DoS |
67378 | MySQL Unique SET Column Join DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Database unique set column denial of service attempt RuleID : 19094 - Revision : 12 - Type : SERVER-MYSQL |
2014-01-10 | Database unique set column denial of service attempt RuleID : 19093 - Revision : 12 - Type : SERVER-MYSQL |
2014-01-10 | IN NULL argument denial of service attempt RuleID : 19001 - Revision : 8 - Type : SERVER-MYSQL |
2014-01-10 | Database CASE NULL argument denial of service attempt RuleID : 19000 - Revision : 9 - Type : SERVER-MYSQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libmysqlclusterclient16-110706.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libmysqlclient-devel-110607.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libmariadbclient16-110701.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libmysqlclusterclient16-110706.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libmysqlclient-devel-110607.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libmariadbclient16-110701.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0164.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0825.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0824.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110118_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101103_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101103_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database server is vulnerable to multiple denial of service attacks. File : mysql_5_0_92.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database server is vulnerable to multiple denial of service attacks. File : mysql_5_5_6.nasl - Type : ACT_GATHER_INFO |
2012-01-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-111014.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-111013.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-004.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-012.nasl - Type : ACT_GATHER_INFO |
2011-01-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0164.nasl - Type : ACT_GATHER_INFO |
2011-01-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2143.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-100930.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0825.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO |
2010-11-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1017-1.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-223.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-222.nasl - Type : ACT_GATHER_INFO |
2010-11-09 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12661.nasl - Type : ACT_GATHER_INFO |
2010-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0825.nasl - Type : ACT_GATHER_INFO |
2010-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmysqlclient-devel-100930.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libmysqlclient-devel-101006.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-7172.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15166.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15147.nasl - Type : ACT_GATHER_INFO |
2010-10-05 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_51.nasl - Type : ACT_GATHER_INFO |
2010-08-26 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_49.nasl - Type : ACT_GATHER_INFO |
2010-08-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-155.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:54:16 |