CVE-2010-1849

MEDIUM

Description

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

References

http://bugs.mysql.com/bug.php?id=50974

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.mysql.com/commits/106060

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html

http://securitytracker.com/id?1024032

http://support.apple.com/kb/HT4435

http://www.mandriva.com/security/advisories?name=MDVSA-2010:107

http://www.ubuntu.com/usn/USN-1397-1

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7328

Details

Source: MITRE

Published: 2010-06-08

Updated: 2018-01-05

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mysql:mysql:5.0:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.3:beta:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.3a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.4a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.10a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.15a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.16a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.17a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.19:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.20a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.22:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.23:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.24a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.27:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.33:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.37:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.41:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.45:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.45b:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.51a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.51b:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.67:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.75:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.77:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.81:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.83:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.84:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.85:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.86:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.87:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.88:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.89:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.90:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.91:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mysql:mysql:5.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.5a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.23a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.30:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.33:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.35:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.36:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.38:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.39:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.40:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.41:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.42:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.43:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.44:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.45:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.46:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

ID	Name	Product	Family	Severity
68457	Oracle Linux 5 : mysql (ELSA-2012-0127)	Nessus	Oracle Linux Local Security Checks	medium
58325	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)	Nessus	Ubuntu Local Security Checks	high
57951	CentOS 5 : mysql (CESA-2012:0127)	Nessus	CentOS Local Security Checks	medium
57930	RHEL 5 : mysql (RHSA-2012:0127)	Nessus	Red Hat Local Security Checks	medium
57446	GLSA-201201-02 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
50936	SuSE 11 / 11.1 Security Update : MySQL (SAT Patch Numbers 3220 / 3243)	Nessus	SuSE Local Security Checks	medium
800791	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection	high
5705	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
50549	Mac OS X Multiple Vulnerabilities (Security Update 2010-007)	Nessus	MacOS X Local Security Checks	high
50548	Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
50523	SuSE9 Security Update : MySQL (YOU Patch Number 12661)	Nessus	SuSE Local Security Checks	medium
50021	SuSE 10 Security Update : MySQL (ZYPP Patch Number 7172)	Nessus	SuSE Local Security Checks	medium
50016	openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1)	Nessus	SuSE Local Security Checks	medium
50010	openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0731-1)	Nessus	SuSE Local Security Checks	medium
47523	Fedora 11 : mysql-5.1.47-1.fc11 (2010-9061)	Nessus	Fedora Local Security Checks	medium
47522	Fedora 12 : mysql-5.1.47-1.fc12 (2010-9053)	Nessus	Fedora Local Security Checks	medium
47519	Fedora 13 : mysql-5.1.47-1.fc13 (2010-9016)	Nessus	Fedora Local Security Checks	medium
801133	MySQL Community Server < 5.1.47 / 5.0.91 Multiple Vulnerabilities	Log Correlation Engine	Database	medium
5587	MySQL Community Server < 5.1.47 / 5.0.91 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
46855	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-950-1)	Nessus	Ubuntu Local Security Checks	medium
46832	Debian DSA-2057-1 : mysql-dfsg-5.0 - several vulnerabilities	Nessus	Debian Local Security Checks	medium
46726	Mandriva Linux Security Advisory : mysql (MDVSA-2010:107)	Nessus	Mandriva Local Security Checks	medium
46702	MySQL Community Server < 5.1.47 / 5.0.91 Multiple Vulnerabilities	Nessus	Databases	medium