CERT-MU Vulnerability Note VN-2008-8

Item_bin_string::Item_bin_string() Binary Value Processing Vulnerability in MySQL

Original Issue Date: September 16, 2008

Severity Rating: High

Systems Affected

  • MySQL Versions 5.0 prior to 5.0.66, 5.1 prior to 5.1.26, 6.0 prior to 6.0.6

Overview

A vulnerability has been reported in MySQL that can allow a remote authenticated user to cause a denial-of-service condition.

Description

A binary value processing vulnerability exists in Item_bin_string::Item_bin_string() in MySQL. A remote authenticated user can send a specially crafted SQL statement, such as a request containing an empty binary value, to trigger the flaw in Item_bin_string::Item_bin_string() and crash the target service, resulting in a denial-of-service condition.

Solution

The vendor has issued a fix (5.0.66, 5.1.26, 6.0.6).
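
The following inventory check is an added example, not part of the original note or of MySQL: it compares server version strings (as returned by SELECT VERSION()) against the fixed releases listed above. The host names and sample inventory are constructed for illustration, and the function names are hypothetical.

```python
import re

# First fixed release per branch, from "Systems Affected" / "Solution" above.
FIXED = {(5, 0): (5, 0, 66), (5, 1): (5, 1, 26), (6, 0): (6, 0, 6)}

# Leading "major.minor.patch"; suffixes such as "a-community-log" are ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a string like '5.0.51a-community-log'."""
    m = _VERSION_RE.match(banner)
    if not m:
        raise ValueError(f"unrecognised MySQL version string: {banner!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(banner):
    """True/False for branches the note lists; None for branches it does not cover."""
    version = parse_version(banner)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return None  # the note makes no statement about this branch
    return version < fixed


def triage(inventory):
    """Map each affected host to the release it should be upgraded to."""
    todo = {}
    for host, banner in inventory.items():
        if is_affected(banner):
            fixed = FIXED[parse_version(banner)[:2]]
            todo[host] = ".".join(str(n) for n in fixed)
    return todo


if __name__ == "__main__":
    # Constructed sample inventory: host name -> SELECT VERSION() output.
    sample = {
        "db-a.example": "5.0.51a-community-log",
        "db-b.example": "5.1.26-rc",
        "db-c.example": "6.0.5-alpha",
        "db-d.example": "4.1.22",
    }
    for host, target in sorted(triage(sample).items()):
        print(f"{host}: upgrade to {target} or later")
```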

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Vendor Information

MySQL

http://bugs.mysql.com/bug.php?id=35658
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html

CVE-Name


CVE-2008-3963

References

Security Database
http://www.security-database.com/detail.php?alert=CVE-2008-3963

SecurityTracker
http://securitytracker.com/alerts/2008/Sep/1020858.html

 
 
 
 
 

Last Updated 20-Jul-2011