CVE-2010-3678
published 2011-01-11CVE-2010-3678: Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments…
PriorityP421medium4CVSS 2.0
AVNACLAuSCNINAP
EXPLOIT
EPSS
12.23%
95.7th percentile
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
Affected
53 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_redhat4.0MEDIUM
vendor_ubuntu3.5LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2012-03-12
CVE-2007-5925 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to
MySQL 5.0.95.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2010-11-11·CVSS 3.5
CVE-2010-2008 [LOW] MySQL vulnerabilities
Title: MySQL vulnerabilities
It was discovered that MySQL incorrectly handled certain requests with the
UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)
It was discovered that MySQL incorrectly handled joins involving a table
with a unique SET column. An authenticated user could exploit this to make
MySQL crash, causing a denial of service. This issue only affected Ubuntu
6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677)
It was discovered that MySQL incorrectly handled NULL arguments to IN() or
CASE operations. An authenticated user could exploit this to make MySQL
crash, causing a denial of service. This issue only affected Ubuntu 9.10
Red Hat
MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477)
vendor_redhat·2010-07-09·CVSS 4.0
CVE-2010-3678 [MEDIUM] MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477)
MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477)
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
Statement: Not vulnerable. This issue did not affect the versions of mysql as
shipped with Red Hat Enterprise Linux 3, 4, or 5.
Package: mysql (Red Hat Enterprise Linux 4) - Not affected
Package: mysql (Red Hat Enterprise Linux 5) - Not affected
GHSA
GHSA-4cpv-5v5r-w394: Oracle MySQL 5
ghsa_unreviewed·2022-05-13
CVE-2010-3678 [MEDIUM] GHSA-4cpv-5v5r-w394: Oracle MySQL 5
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
No detection rules found.
Bugzilla
CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]
bugzilla·2010-09-23·CVSS 4.0
CVE-2010-3676 [MEDIUM] CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]
CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new
Bugzilla
CVE-2010-3678 MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477)
bugzilla·2010-08-28·CVSS 4.0
CVE-2010-3678 [MEDIUM] CVE-2010-3678 MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477)
CVE-2010-3678 MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477)
A denial of service flaw was found in the way MySQL processed SQL
queries containing IN or CASE statements, when NULL argument was
provided as one of the arguments to the query. A remote MySQL user
could use this flaw to cause myqld daemon crash (dereference a NULL
pointer).
References:
[1] http://secunia.com/advisories/41048/
[2] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
Upstream bug report:
[3] http://bugs.mysql.com/bug.php?id=54477
Upstream changeset:
[4] http://lists.mysql.com/commits/111814
Discussion:
Public issue proof of concepts (from [3]):
A,
drop table if exists `t1`;
create table `t1`(`a` int)engine=myisam;
insert into `t1` values (1);
/*crash1
http://bugs.mysql.com/bug.php?id=54477http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlhttp://secunia.com/advisories/42936http://www.mandriva.com/security/advisories?name=MDVSA-2010:155http://www.mandriva.com/security/advisories?name=MDVSA-2011:012http://www.openwall.com/lists/oss-security/2010/09/28/10http://www.redhat.com/support/errata/RHSA-2011-0164.htmlhttp://www.securityfocus.com/bid/42596http://www.ubuntu.com/usn/USN-1017-1http://www.ubuntu.com/usn/USN-1397-1http://www.vupen.com/english/advisories/2011/0133http://www.vupen.com/english/advisories/2011/0170https://bugzilla.redhat.com/show_bug.cgi?id=628172http://bugs.mysql.com/bug.php?id=54477http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlhttp://secunia.com/advisories/42936http://www.mandriva.com/security/advisories?name=MDVSA-2010:155http://www.mandriva.com/security/advisories?name=MDVSA-2011:012http://www.openwall.com/lists/oss-security/2010/09/28/10http://www.redhat.com/support/errata/RHSA-2011-0164.htmlhttp://www.securityfocus.com/bid/42596http://www.ubuntu.com/usn/USN-1017-1http://www.ubuntu.com/usn/USN-1397-1http://www.vupen.com/english/advisories/2011/0133http://www.vupen.com/english/advisories/2011/0170https://bugzilla.redhat.com/show_bug.cgi?id=628172
2011-01-11
Published