CVE-2010-3679
published 2011-01-11CVE-2010-3679: Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG…
PriorityP420medium4CVSS 2.0
AVNACLAuSCNINAP
EPSS
12.23%
95.7th percentile
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
Affected
53 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_redhat4.0MEDIUM
vendor_ubuntu3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2012-03-12
CVE-2007-5925 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to
MySQL 5.0.95.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2010-11-11·CVSS 3.5
CVE-2010-2008 [LOW] MySQL vulnerabilities
Title: MySQL vulnerabilities
It was discovered that MySQL incorrectly handled certain requests with the
UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)
It was discovered that MySQL incorrectly handled joins involving a table
with a unique SET column. An authenticated user could exploit this to make
MySQL crash, causing a denial of service. This issue only affected Ubuntu
6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677)
It was discovered that MySQL incorrectly handled NULL arguments to IN() or
CASE operations. An authenticated user could exploit this to make MySQL
crash, causing a denial of service. This issue only affected Ubuntu 9.10
Red Hat
MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)
vendor_redhat·2010-09-07·CVSS 4.0
CVE-2010-3679 [MEDIUM] MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)
MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
Statement: Not vulnerable. This issue did not affect the versions of mysql as
shipped with Red Hat Enterprise Linux 3, 4, or 5.
Package: mysql (Red Hat Enterprise Linux 4) - Not affected
Package: mysql (Red Hat Enterprise Linux 5) - Not affected
GHSA
GHSA-p3mv-xmc9-r2fr: Oracle MySQL 5
ghsa_unreviewed·2022-05-13
CVE-2010-3679 [MEDIUM] GHSA-p3mv-xmc9-r2fr: Oracle MySQL 5
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]
bugzilla·2010-09-23·CVSS 4.0
CVE-2010-3676 [MEDIUM] CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]
CVE-2010-3676 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 mysql various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new
Bugzilla
CVE-2010-3679 MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)
bugzilla·2010-08-27·CVSS 4.0
CVE-2010-3679 [MEDIUM] CVE-2010-3679 MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)
CVE-2010-3679 MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)
A use of unassigned memory was found in the way MySQL processed certain values
provided to the BINLOG statement. A remote attacker could use this flaw to
cause denial of service (mysqld daemon crash) in some cases.
References:
[1] http://secunia.com/advisories/41048/
[2] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
Upstream bug report:
[3] http://bugs.mysql.com/bug.php?id=54393
Upstream changeset:
[4] http://lists.mysql.com/commits/111591
Note:
The impact of this flaw is further mitigated by the requirement only
privileged user can run the BINLOG statement.
Discussion:
Public reproducers (from [4]):
BINLOG '';
BINLOG '123';
BINLOG '-207
http://bugs.mysql.com/bug.php?id=54393http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.htmlhttp://secunia.com/advisories/42936http://www.mandriva.com/security/advisories?name=MDVSA-2010:155http://www.mandriva.com/security/advisories?name=MDVSA-2011:012http://www.openwall.com/lists/oss-security/2010/09/28/10http://www.redhat.com/support/errata/RHSA-2011-0164.htmlhttp://www.securityfocus.com/bid/42638http://www.ubuntu.com/usn/USN-1017-1http://www.ubuntu.com/usn/USN-1397-1http://www.vupen.com/english/advisories/2011/0133http://www.vupen.com/english/advisories/2011/0170https://bugzilla.redhat.com/show_bug.cgi?id=628062https://exchange.xforce.ibmcloud.com/vulnerabilities/64687http://bugs.mysql.com/bug.php?id=54393http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.htmlhttp://secunia.com/advisories/42936http://www.mandriva.com/security/advisories?name=MDVSA-2010:155http://www.mandriva.com/security/advisories?name=MDVSA-2011:012http://www.openwall.com/lists/oss-security/2010/09/28/10http://www.redhat.com/support/errata/RHSA-2011-0164.htmlhttp://www.securityfocus.com/bid/42638http://www.ubuntu.com/usn/USN-1017-1http://www.ubuntu.com/usn/USN-1397-1http://www.vupen.com/english/advisories/2011/0133http://www.vupen.com/english/advisories/2011/0170https://bugzilla.redhat.com/show_bug.cgi?id=628062https://exchange.xforce.ibmcloud.com/vulnerabilities/64687
2011-01-11
Published