CVE-2010-3679 – Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial of Service
https://notcve.org/view.php?id=CVE-2010-3679
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
• https://www.exploit-db.com/exploits/34521
• http://bugs.mysql.com/bug.php?id=54393
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
• http://secunia.com/advisories/42936
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
• http://www.openwall.com/lists/oss-security/2010/09/28/10
• http://www.redhat.com/support/errata/RHSA-2011-0164.html
• http://www.securityfocus.com/bid/42638
• http
• CWE-399: Resource Management Errors
CVE-2010-3681 – Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial of Service
https://notcve.org/view.php?id=CVE-2010-3681
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
• https://www.exploit-db.com/exploits/34520
• http://bugs.mysql.com/bug.php?id=54007
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
• http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html
• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
• http://secunia.com/advisories/42875
• http://secunia.com/advisories/42936
• http://www.debian.org/security/2011/dsa-21
CVE-2010-2008 – Oracle MySQL - 'ALTER DATABASE' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2008
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
• https://www.exploit-db.com/exploits/14537
• http://bugs.mysql.com/bug.php?id=53804
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html
• http://secunia.com/advisories/40333
• http://secunia.com/advisories/40762
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
• http://www.securityfocus.com/bid/41198
• http://www.securitytracker.com/id?1024160
• http://www.ubuntu.com/usn/USN-1
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2010-1850 – mysql: COM_FIELD_LIST table name buffer overflow
https://notcve.org/view.php?id=CVE-2010-1850
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
• http://bugs.mysql.com/bug.php?id=53237
• http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
• http://securitytracker.com/id?1024033
• http://support.apple.com/kb/HT4435
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:107
• http://www.redhat
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1848 – mysql: multiple insufficient table name checks
https://notcve.org/view.php?id=CVE-2010-1848
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
• http://bugs.mysql.com/bug.php?id=53371
• http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
• http://lists.mysql.com/commits/107532
• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
• http://securitytracker.com/id?1024031
• http:/
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')