CVE-2010-1850

MEDIUM

Description

Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

References

http://bugs.mysql.com/bug.php?id=53237

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://securitytracker.com/id?1024033

http://support.apple.com/kb/HT4435

http://www.mandriva.com/security/advisories?name=MDVSA-2010:107

http://www.redhat.com/support/errata/RHSA-2010-0442.html

http://www.ubuntu.com/usn/USN-1397-1

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10846

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6693

Details

Source: MITRE

Published: 2010-06-08

Updated: 2018-01-05

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 6.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mysql:mysql:5.0:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.3:beta:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.3a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.4a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.10a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.15a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.16a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.17a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.19:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.20a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.22:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.23:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.24a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.27:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.33:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.37:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.41:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.45:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.45b:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.51a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.51b:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.67:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.75:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.77:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.81:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.83:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.84:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.85:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.86:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.87:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.88:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.89:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.90:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.91:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mysql:mysql:5.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.5a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.23a:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.30:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.33:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.35:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.36:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.38:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.39:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.40:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.41:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.42:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.43:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.44:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.45:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.46:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

ID	Name	Product	Family	Severity
68046	Oracle Linux 5 : mysql (ELSA-2010-0442)	Nessus	Oracle Linux Local Security Checks	medium
60796	Scientific Linux Security Update : mysql on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
58325	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)	Nessus	Ubuntu Local Security Checks	high
57446	GLSA-201201-02 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
50936	SuSE 11 / 11.1 Security Update : MySQL (SAT Patch Numbers 3220 / 3243)	Nessus	SuSE Local Security Checks	medium
800791	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection	high
5705	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
50549	Mac OS X Multiple Vulnerabilities (Security Update 2010-007)	Nessus	MacOS X Local Security Checks	high
50548	Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
50021	SuSE 10 Security Update : MySQL (ZYPP Patch Number 7172)	Nessus	SuSE Local Security Checks	medium
50016	openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1)	Nessus	SuSE Local Security Checks	medium
50010	openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0731-1)	Nessus	SuSE Local Security Checks	medium
47523	Fedora 11 : mysql-5.1.47-1.fc11 (2010-9061)	Nessus	Fedora Local Security Checks	medium
47522	Fedora 12 : mysql-5.1.47-1.fc12 (2010-9053)	Nessus	Fedora Local Security Checks	medium
47519	Fedora 13 : mysql-5.1.47-1.fc13 (2010-9016)	Nessus	Fedora Local Security Checks	medium
801133	MySQL Community Server < 5.1.47 / 5.0.91 Multiple Vulnerabilities	Log Correlation Engine	Database	medium
5587	MySQL Community Server < 5.1.47 / 5.0.91 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
46855	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-950-1)	Nessus	Ubuntu Local Security Checks	medium
46832	Debian DSA-2057-1 : mysql-dfsg-5.0 - several vulnerabilities	Nessus	Debian Local Security Checks	medium
46763	CentOS 5 : mysql (CESA-2010:0442)	Nessus	CentOS Local Security Checks	medium
46735	RHEL 5 : mysql (RHSA-2010:0442)	Nessus	Red Hat Local Security Checks	medium
46726	Mandriva Linux Security Advisory : mysql (MDVSA-2010:107)	Nessus	Mandriva Local Security Checks	medium
46702	MySQL Community Server < 5.1.47 / 5.0.91 Multiple Vulnerabilities	Nessus	Databases	medium