MySQL: Moderate Advisory (Denial of Service Vulnerability)

Users of MySQL please be advised of a denial of service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

RHSA-2010:0824-01: [RHSA-2010:0824-01] mysql: Moderate Advisory
Product: Red Hat Enterprise Linux
Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

It was found that the MySQL PolyFromWKB() function did not sanity check
Well-Known Binary (WKB) data. A remote, authenticated attacker could use
specially-crafted WKB data to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3840)Read more at http://www.criticalwatch.com

 

Advertisements