

MySQL multiple security vulnerabilities
Published: 27.05.2010
Source:
SecurityVulns ID: 10877
Type: remote
Threat Level: 6/10
Description: Buffer overflow and privilege escalation via COM_FIELD_LIST; DoS caused by an endless loop when reading network packets.
CVE: CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.)
 CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.)
 CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.)
Original document: MANDRIVA, [ MDVSA-2010:107 ] mysql (27.05.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod