SB2011011402 - Multiple vulnerabilities in Google, mysql
Published: January 14, 2011 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2010-3839)
The vulnerability allows a remote #AU# to perform service disruption.
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
2) Resource management error (CVE-ID: CVE-2010-3836)
The vulnerability allows a remote #AU# to perform service disruption.
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
3) Use-after-free (CVE-ID: CVE-2010-3837)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object. A remote authenticated users can cause a denial of service (server crash).
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Input validation error (CVE-ID: CVE-2010-3838)
The vulnerability allows a remote #AU# to perform service disruption.
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
5) Input validation error (CVE-ID: CVE-2010-3835)
The vulnerability allows a remote #AU# to perform service disruption.
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
6) Input validation error (CVE-ID: CVE-2010-3834)
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
7) Input validation error (CVE-ID: CVE-2010-3833)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ..
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://bugs.mysql.com/bug.php?id=53544
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
- http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html
- http://secunia.com/advisories/42936
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:223
- http://www.redhat.com/support/errata/RHSA-2010-0825.html
- http://www.redhat.com/support/errata/RHSA-2011-0164.html
- http://www.securityfocus.com/bid/43676
- http://www.ubuntu.com/usn/USN-1017-1
- http://www.ubuntu.com/usn/USN-1397-1
- http://www.vupen.com/english/advisories/2011/0170
- https://bugzilla.redhat.com/show_bug.cgi?id=640861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64839
- http://bugs.mysql.com/bug.php?id=54568
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
- http://secunia.com/advisories/42875
- http://support.apple.com/kb/HT4723
- http://www.debian.org/security/2011/dsa-2143
- http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
- http://www.vupen.com/english/advisories/2011/0105
- http://www.vupen.com/english/advisories/2011/0345
- https://bugzilla.redhat.com/show_bug.cgi?id=640845
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64842
- http://bugs.mysql.com/bug.php?id=54476
- https://bugzilla.redhat.com/show_bug.cgi?id=640856
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64841
- http://bugs.mysql.com/bug.php?id=54461
- https://bugzilla.redhat.com/show_bug.cgi?id=640858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64840
- http://bugs.mysql.com/bug.php?id=55564
- https://bugzilla.redhat.com/show_bug.cgi?id=640819
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64843
- http://bugs.mysql.com/bug.php?id=55568
- https://bugzilla.redhat.com/show_bug.cgi?id=640808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64844
- http://bugs.mysql.com/bug.php?id=55826
- https://bugzilla.redhat.com/show_bug.cgi?id=640751
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64845