SynopsisThe remote database server is vulnerable to multiple attack vectors.
DescriptionVersions of MySQL Community Server 5.1 earlier than 5.1.51 are potentially affected by multiple vulnerabilities :
- A privilege escalation vulnerability exists when using statement-based replication. Version specific comments used on a master server with a lesser release version than its slave can allow the MySQL privilege system on the slave server to be subverted. (49124)
- The improper handling of type errors during argument evaluation in extreme-value functions, e.g., 'LEAST()' or 'GREATEST()' caused server crashes. (55826)
- The creation of derived tables needing a temporary grouping table caused server crashes. (55568)
- The re-evaluation of a user-variable assignment expression after the creation of a temporary table caused server crashes. (55564)
- The pre-evaluation of 'LIKE' predicates while preparing a view caused server crashes. (54568)
- The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused server crashes. (54476)
- The use of an intermediate temporary table and queries containing calls to 'GREATEST()' or 'LEAST()', having a list of both numeric and 'LONGBLOB' arguments, caused server crashes. (54461)
- The use of nested joins in prepared statements or stored procedures could result in infinite loops. (53544)
SolutionUpgrade to MySQL Community Server 5.1.51 or later.