#VU45465 Resource management error in mysql - CVE-2010-3679
Published: January 11, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45465
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2010-3679
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
mysql
mysql
Software vendor:
Google
Description
The vulnerability allows a remote #AU# to perform service disruption.
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
Remediation
Install update from vendor's website.
External links
- http://bugs.mysql.com/bug.php?id=54393
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
- http://secunia.com/advisories/42936
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
- http://www.openwall.com/lists/oss-security/2010/09/28/10
- http://www.redhat.com/support/errata/RHSA-2011-0164.html
- http://www.securityfocus.com/bid/42638
- http://www.ubuntu.com/usn/USN-1017-1
- http://www.ubuntu.com/usn/USN-1397-1
- http://www.vupen.com/english/advisories/2011/0133
- http://www.vupen.com/english/advisories/2011/0170
- https://bugzilla.redhat.com/show_bug.cgi?id=628062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64687