This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote database server is vulnerable to multiple denial of
The version of MySQL installed on the remote host is older than
5.5.6. As such, it reportedly is prone to multiple denial of service
- The improper handling of type errors during argument
evaluation in extreme-value functions, e.g., 'LEAST()'
or 'GREATEST()' causes server crashes. (CVE-2010-3833)
- Remote authenticated attackers could crash the server.
(CVE-2010-3834 & CVE-2010-3836)
- The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused
server crashes. (CVE-2010-3837)
- The use of an intermediate temporary table and queries
containing calls to 'GREATEST()' or 'LEAST()', having
a list of both numeric and 'LONGBLOB' arguments, caused
server crashes. (CVE-2010-3838)
- The use of nested joins in prepared statements or
stored procedures could result in infinite loops.
See also :
Upgrade to MySQL version 5.5.6 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Nessus Plugin ID: 17836 ()
Bugtraq ID: 43676
CVE ID: CVE-2010-3833CVE-2010-3834CVE-2010-3835CVE-2010-3836CVE-2010-3837CVE-2010-3838CVE-2010-3839
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.