CERT-MU Vulnerability Note VN-2009-7

MySQL XPath Scalar Expression Handling Denial of Service Vulnerability

Original Issue Date: March 09, 2009

Severity Rating: Medium

Systems Affected

  • MySQL 5.1.15
  • MySQL 5.1.30
  • MySQL 6.0.9

Overview

A vulnerability has been reported in MySQL that could be exploited by a remote authenticated attacker to crash an affected server, creating a denial of service condition.

Description

A denial of service vulnerability exists in MySQL, caused by an assertion error when handling malformed XPath expressions. By invoking the ExtractValue() or UpdateXML() functions with a specially crafted XPath expression containing scalar FilterExp expressions, a remote attacker could exploit this vulnerability to cause a denial of service.

Solution

Upgrade to MySQL version 5.1.32.
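
The following is an added example, not part of the CERT-MU note or of MySQL: it classifies a server's version string against the versions named in this note and lists which accounts call ExtractValue() or UpdateXML() in a query log, since the attacker must be authenticated. The log line format, the sample lines and the function names `assess` and `xml_function_calls` are assumptions made for illustration.

```python
import re

# Fixed release named in the note's Solution section.
FIXED_5_1 = (5, 1, 32)
# Versions the note lists under "Systems Affected".
LISTED_AFFECTED = {(5, 1, 15), (5, 1, 30), (6, 0, 9)}
# The two XML functions the Description names as the way in.
XML_FUNC = re.compile(r"\b(ExtractValue|UpdateXML)\s*\(", re.IGNORECASE)


def parse_version(banner):
    """Turn a version string such as '5.1.30-community-log' into a tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", banner.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % banner)
    return tuple(int(p) for p in m.groups())


def assess(banner):
    """Classify a server version using only what the note states."""
    v = parse_version(banner)
    if v in LISTED_AFFECTED:
        return "listed-affected"
    if v[:2] == (5, 1):
        # Assumption: 5.1 releases older than the fixed one need the upgrade.
        return "upgrade-to-5.1.32" if v < FIXED_5_1 else "at-or-above-fix"
    # The note names no fixed release for any other series.
    return "not-covered-by-advisory"


def xml_function_calls(log_lines):
    """Return (line_number, account, function) for each XML function call."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        # Assumed format: "<timestamp> <user@host> Query <statement>"
        parts = line.split(None, 3)
        if len(parts) < 4 or parts[2] != "Query":
            continue
        for m in XML_FUNC.finditer(parts[3]):
            hits.append((n, parts[1], m.group(1)))
    return hits


# Constructed sample lines, not real MySQL log output.
SAMPLE_LOG = [
    "2009-03-09T10:00:01 app@10.0.0.5 Query SELECT id FROM orders WHERE id = 7",
    "2009-03-09T10:00:02 report@10.0.0.9 Query SELECT ExtractValue(doc, '/a/b') FROM feeds",
    "2009-03-09T10:00:03 app@10.0.0.5 Connect app@10.0.0.5 on shop",
    "2009-03-09T10:00:04 report@10.0.0.9 Query SELECT updatexml(doc, '/a', '<a/>') FROM feeds",
]

if __name__ == "__main__":
    print(assess("5.1.30-community-log"))
    for hit in xml_function_calls(SAMPLE_LOG):
        print(hit)
```

Accounts that appear in the output and do not need these functions are candidates for tighter privileges until the upgrade is in place.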

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Vendor Information

MySQL
http://bugs.mysql.com/bug.php?id=42495

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html


CVE Name
CVE-2009-0819

References

ISS X-Force Database
http://xforce.iss.net/xforce/xfdb/49050


Vupen Security
http://www.vupen.com/english/advisories/2009/0594

Secunia
http://secunia.com/advisories/34115

Security Lab
http://en.securitylab.ru/nvd/369535.php

Security Database
http://www.security-database.com/detail.php?alert=CVE-2009-0819

 
 
Last Updated 20-Jul-2011