
Debian: DSA-2144-1 Critical: MySQL Remote Code Execution Vulnerability

January 14, 2011
Debian updates address several vulnerabilities discovered in the MySQL database server.

Summary


Several vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
following problems:


CVE-2010-3677

It was discovered that MySQL allows remote authenticated users to cause
a denial of service (mysqld daemon crash) via a join query that uses a
table with a unique SET column.


CVE-2010-3680

It was discovered that MySQL allows remote authenticated users to cause
a denial of service (mysqld daemon crash) by creating temporary tables
while using InnoDB, which triggers an assertion failure.


CVE-2010-3681

It was discovered that MySQL allows remote authenticated users to cause
a denial of service (mysqld daemon crash) by using the HANDLER interface
and performing "alternate reads from two indexes on a table," which
triggers an assertion failure.


CVE-2010-3682

It was discovered that MySQL incorrectly handled use of EXPLAIN with
certain queries.
An authenticated user could crash the server.


CVE-2010-3833

It was disc...


Severity: critical

Package: mysql-dfsg-5.0
CVE ID: CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3840
