製品・ソフトウェアに関する情報

JVN脆弱性詳細

MySQL の mysqld におけるサービス運用妨害 (DoS) の脆弱性

Title	MySQL の mysqld におけるサービス運用妨害 (DoS) の脆弱性
Summary	MySQL の mysqld には、サブクエリを含む特定の SELECT ステートメントの実行中にエラーを適切に処理しない、または GeomFromWKB 関数を使用するステートメントの実行中に特定の null_value フラグを保持しないため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、巧妙に細工されたステートメントを介して、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 30, 2009, midnight
Registration Date	March 8, 2010, 12:28 p.m.
Last Update	April 15, 2010, 6:16 p.m.

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:L/Au:S/C:N/I:N/A:P

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.4.z (server)

RHEL Desktop Workstation 5 (client)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

MySQL AB

MySQL 5.0.88 未満

MySQL 5.1.41 未満

アップル

Apple Mac OS X Server v10.6 から v10.6.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-4019	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4019
National Vulnerability Database (NVD)
2	CVE-2009-4019	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4019

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-DesignError	https://www.ipa.go.jp/security/vuln/CWE.html#CWEDesignError

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT4077	http://support.apple.com/kb/HT4077
Apple セキュリティアップデート
2	HT4077	http://support.apple.com/kb/HT4077?viewlocale=ja_JP
Asianux Technical Support Network
3	mysql-5.0.77-4.2.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=985
MySQL Documentation
4	Changes in MySQL 5.0.88	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
5	Changes in MySQL 5.1.41	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
Red Hat Security Advisory
6	RHSA-2010:0109	https://rhn.redhat.com/errata/RHSA-2010-0109.html

その他

No	Name	URL
SecurityFocus
1	37297	http://www.securityfocus.com/bid/37297

Change Log

No	Changed Details	Date of change
0	[2010年03月08日] 掲載 [2010年04月15日] 影響を受けるシステム：アップル (HT4077) の情報を追加ベンダ情報：アップル (HT4077) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-4019

Summary	mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Publication Date	Dec. 1, 2009, 2:30 a.m.
Registration Date	Jan. 29, 2021, 1:25 p.m.
Last Update	Dec. 18, 2019, 5:26 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mysql:mysql:5.0.0:::::::*
cpe:2.3:a:mysql:mysql:5.0.1:::::::*
cpe:2.3:a:mysql:mysql:5.0.2:::::::*
cpe:2.3:a:mysql:mysql:5.0.3:::::::*
cpe:2.3:a:mysql:mysql:5.0.4:::::::*
cpe:2.3:a:mysql:mysql:5.0.5:::::::*
cpe:2.3:a:mysql:mysql:5.0.5.0.21:::::::*
cpe:2.3:a:mysql:mysql:5.0.10:::::::*
cpe:2.3:a:mysql:mysql:5.0.15:::::::*
cpe:2.3:a:mysql:mysql:5.0.16:::::::*
cpe:2.3:a:mysql:mysql:5.0.17:::::::*
cpe:2.3:a:mysql:mysql:5.0.20:::::::*
cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:::::::*
cpe:2.3:a:mysql:mysql:5.0.24:::::::*
cpe:2.3:a:mysql:mysql:5.0.30:::::::*
cpe:2.3:a:mysql:mysql:5.0.36:::::::*
cpe:2.3:a:mysql:mysql:5.0.44:::::::*
cpe:2.3:a:mysql:mysql:5.0.54:::::::*
cpe:2.3:a:mysql:mysql:5.0.56:::::::*
cpe:2.3:a:mysql:mysql:5.0.60:::::::*
cpe:2.3:a:mysql:mysql:5.0.66:::::::*
cpe:2.3:a:mysql:mysql:5.0.82:::::::*
cpe:2.3:a:mysql:mysql:5.1.5:::::::*
cpe:2.3:a:mysql:mysql:5.1.23:::::::*
cpe:2.3:a:mysql:mysql:5.1.32:::::::*
cpe:2.3:a:oracle:mysql:5.0.0:alpha::::::
cpe:2.3:a:oracle:mysql:5.0.3:beta::::::
cpe:2.3:a:oracle:mysql:5.0.6:::::::*
cpe:2.3:a:oracle:mysql:5.0.7:::::::*
cpe:2.3:a:oracle:mysql:5.0.8:::::::*
cpe:2.3:a:oracle:mysql:5.0.11:::::::*
cpe:2.3:a:oracle:mysql:5.0.12:::::::*
cpe:2.3:a:oracle:mysql:5.0.13:::::::*
cpe:2.3:a:oracle:mysql:5.0.14:::::::*
cpe:2.3:a:oracle:mysql:5.0.18:::::::*
cpe:2.3:a:oracle:mysql:5.0.19:::::::*
cpe:2.3:a:oracle:mysql:5.0.21:::::::*
cpe:2.3:a:oracle:mysql:5.0.22:::::::*
cpe:2.3:a:oracle:mysql:5.0.23:::::::*
cpe:2.3:a:oracle:mysql:5.0.25:::::::*
cpe:2.3:a:oracle:mysql:5.0.26:::::::*
cpe:2.3:a:oracle:mysql:5.0.27:::::::*
cpe:2.3:a:oracle:mysql:5.0.30:sp1::::::
cpe:2.3:a:oracle:mysql:5.0.32:::::::*
cpe:2.3:a:oracle:mysql:5.0.33:::::::*
cpe:2.3:a:oracle:mysql:5.0.37:::::::*
cpe:2.3:a:oracle:mysql:5.0.38:::::::*
cpe:2.3:a:oracle:mysql:5.0.41:::::::*
cpe:2.3:a:oracle:mysql:5.0.42:::::::*
cpe:2.3:a:oracle:mysql:5.0.45:::::::*
cpe:2.3:a:oracle:mysql:5.0.50:::::::*
cpe:2.3:a:oracle:mysql:5.0.51:::::::*
cpe:2.3:a:oracle:mysql:5.0.51a:::::::*
cpe:2.3:a:oracle:mysql:5.0.52:::::::*
cpe:2.3:a:oracle:mysql:5.0.75:::::::*
cpe:2.3:a:oracle:mysql:5.0.77:::::::*
cpe:2.3:a:oracle:mysql:5.0.81:::::::*
cpe:2.3:a:oracle:mysql:5.0.83:::::::*
cpe:2.3:a:oracle:mysql:5.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.2:::::::*
cpe:2.3:a:oracle:mysql:5.1.3:::::::*
cpe:2.3:a:oracle:mysql:5.1.4:::::::*
cpe:2.3:a:oracle:mysql:5.1.6:::::::*
cpe:2.3:a:oracle:mysql:5.1.7:::::::*
cpe:2.3:a:oracle:mysql:5.1.8:::::::*
cpe:2.3:a:oracle:mysql:5.1.9:::::::*
cpe:2.3:a:oracle:mysql:5.1.10:::::::*
cpe:2.3:a:oracle:mysql:5.1.11:::::::*
cpe:2.3:a:oracle:mysql:5.1.12:::::::*
cpe:2.3:a:oracle:mysql:5.1.13:::::::*
cpe:2.3:a:oracle:mysql:5.1.14:::::::*
cpe:2.3:a:oracle:mysql:5.1.15:::::::*
cpe:2.3:a:oracle:mysql:5.1.16:::::::*
cpe:2.3:a:oracle:mysql:5.1.17:::::::*
cpe:2.3:a:oracle:mysql:5.1.18:::::::*
cpe:2.3:a:oracle:mysql:5.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.1.20:::::::*
cpe:2.3:a:oracle:mysql:5.1.21:::::::*
cpe:2.3:a:oracle:mysql:5.1.22:::::::*
cpe:2.3:a:oracle:mysql:5.1.30:::::::*

Related information, measures and tools

No	URL	refsource
1	http://bugs.mysql.com/47780	CONFIRM
2	http://bugs.mysql.com/48291	CONFIRM
3	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html	CONFIRM
4	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html	CONFIRM
5	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	APPLE
6	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	SUSE
7	http://marc.info/?l=oss-security&m=125881733826437&w=2	MLIST
8	http://marc.info/?l=oss-security&m=125883754215621&w=2	MLIST
9	http://marc.info/?l=oss-security&m=125901161824278&w=2	MLIST
10	http://secunia.com/advisories/37717	SECUNIA
11	http://secunia.com/advisories/38517	SECUNIA
12	http://secunia.com/advisories/38573	SECUNIA
13	http://support.apple.com/kb/HT4077	CONFIRM
14	http://ubuntu.com/usn/usn-897-1	UBUNTU
15	http://www.debian.org/security/2010/dsa-1997	DEBIAN
16	http://www.redhat.com/support/errata/RHSA-2010-0109.html	REDHAT
17	http://www.ubuntu.com/usn/USN-1397-1	UBUNTU
18	http://www.vupen.com/english/advisories/2010/1107	VUPEN
19	https://bugzilla.redhat.com/show_bug.cgi?id=540906	CONFIRM
20	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349	OVAL
21	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500	OVAL
22	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html	FEDORA

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mysql:mysql:5.0.0:::::::*
cpe:2.3:a:mysql:mysql:5.0.1:::::::*
cpe:2.3:a:mysql:mysql:5.0.2:::::::*
cpe:2.3:a:mysql:mysql:5.0.3:::::::*
cpe:2.3:a:mysql:mysql:5.0.4:::::::*
cpe:2.3:a:mysql:mysql:5.0.5:::::::*
cpe:2.3:a:mysql:mysql:5.0.5.0.21:::::::*
cpe:2.3:a:mysql:mysql:5.0.10:::::::*
cpe:2.3:a:mysql:mysql:5.0.15:::::::*
cpe:2.3:a:mysql:mysql:5.0.16:::::::*
cpe:2.3:a:mysql:mysql:5.0.17:::::::*
cpe:2.3:a:mysql:mysql:5.0.20:::::::*
cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:::::::*
cpe:2.3:a:mysql:mysql:5.0.24:::::::*
cpe:2.3:a:mysql:mysql:5.0.30:::::::*
cpe:2.3:a:mysql:mysql:5.0.36:::::::*
cpe:2.3:a:mysql:mysql:5.0.44:::::::*
cpe:2.3:a:mysql:mysql:5.0.54:::::::*
cpe:2.3:a:mysql:mysql:5.0.56:::::::*
cpe:2.3:a:mysql:mysql:5.0.60:::::::*
cpe:2.3:a:mysql:mysql:5.0.66:::::::*
cpe:2.3:a:mysql:mysql:5.0.82:::::::*
cpe:2.3:a:mysql:mysql:5.1.5:::::::*
cpe:2.3:a:mysql:mysql:5.1.23:::::::*
cpe:2.3:a:mysql:mysql:5.1.32:::::::*
cpe:2.3:a:oracle:mysql:5.0.0:alpha::::::
cpe:2.3:a:oracle:mysql:5.0.3:beta::::::
cpe:2.3:a:oracle:mysql:5.0.6:::::::*
cpe:2.3:a:oracle:mysql:5.0.7:::::::*
cpe:2.3:a:oracle:mysql:5.0.8:::::::*
cpe:2.3:a:oracle:mysql:5.0.11:::::::*
cpe:2.3:a:oracle:mysql:5.0.12:::::::*
cpe:2.3:a:oracle:mysql:5.0.13:::::::*
cpe:2.3:a:oracle:mysql:5.0.14:::::::*
cpe:2.3:a:oracle:mysql:5.0.18:::::::*
cpe:2.3:a:oracle:mysql:5.0.19:::::::*
cpe:2.3:a:oracle:mysql:5.0.21:::::::*
cpe:2.3:a:oracle:mysql:5.0.22:::::::*
cpe:2.3:a:oracle:mysql:5.0.23:::::::*
cpe:2.3:a:oracle:mysql:5.0.25:::::::*
cpe:2.3:a:oracle:mysql:5.0.26:::::::*
cpe:2.3:a:oracle:mysql:5.0.27:::::::*
cpe:2.3:a:oracle:mysql:5.0.30:sp1::::::
cpe:2.3:a:oracle:mysql:5.0.32:::::::*
cpe:2.3:a:oracle:mysql:5.0.33:::::::*
cpe:2.3:a:oracle:mysql:5.0.37:::::::*
cpe:2.3:a:oracle:mysql:5.0.38:::::::*
cpe:2.3:a:oracle:mysql:5.0.41:::::::*
cpe:2.3:a:oracle:mysql:5.0.42:::::::*
cpe:2.3:a:oracle:mysql:5.0.45:::::::*
cpe:2.3:a:oracle:mysql:5.0.50:::::::*
cpe:2.3:a:oracle:mysql:5.0.51:::::::*
cpe:2.3:a:oracle:mysql:5.0.51a:::::::*
cpe:2.3:a:oracle:mysql:5.0.52:::::::*
cpe:2.3:a:oracle:mysql:5.0.75:::::::*
cpe:2.3:a:oracle:mysql:5.0.77:::::::*
cpe:2.3:a:oracle:mysql:5.0.81:::::::*
cpe:2.3:a:oracle:mysql:5.0.83:::::::*
cpe:2.3:a:oracle:mysql:5.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.2:::::::*
cpe:2.3:a:oracle:mysql:5.1.3:::::::*
cpe:2.3:a:oracle:mysql:5.1.4:::::::*
cpe:2.3:a:oracle:mysql:5.1.6:::::::*
cpe:2.3:a:oracle:mysql:5.1.7:::::::*
cpe:2.3:a:oracle:mysql:5.1.8:::::::*
cpe:2.3:a:oracle:mysql:5.1.9:::::::*
cpe:2.3:a:oracle:mysql:5.1.10:::::::*
cpe:2.3:a:oracle:mysql:5.1.11:::::::*
cpe:2.3:a:oracle:mysql:5.1.12:::::::*
cpe:2.3:a:oracle:mysql:5.1.13:::::::*
cpe:2.3:a:oracle:mysql:5.1.14:::::::*
cpe:2.3:a:oracle:mysql:5.1.15:::::::*
cpe:2.3:a:oracle:mysql:5.1.16:::::::*
cpe:2.3:a:oracle:mysql:5.1.17:::::::*
cpe:2.3:a:oracle:mysql:5.1.18:::::::*
cpe:2.3:a:oracle:mysql:5.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.1.20:::::::*
cpe:2.3:a:oracle:mysql:5.1.21:::::::*
cpe:2.3:a:oracle:mysql:5.1.22:::::::*
cpe:2.3:a:oracle:mysql:5.1.30:::::::*