New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.8
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840)
A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681)
A directory traversal flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. A remote, authenticated attacker could use this flaw to obtain descriptions of the fields of an arbitrary table using a request with a specially crafted table name. (CVE-2010-1848)
After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
SolutionUpdate the affected packages.