製品・ソフトウェアに関する情報

JVN脆弱性詳細

Oracle MySQL におけるサービス運用妨害 (DoS) の脆弱性

Title	Oracle MySQL におけるサービス運用妨害 (DoS) の脆弱性
Summary	Oracle MySQL には、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、InnoDB エンジンの使用に伴い作成される Null 値を指定可能なカラムが付与された TEMPORARY テーブルを介して、表明違反を誘発され、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 9, 2010, midnight
Registration Date	Feb. 7, 2011, 2:44 p.m.
Last Update	Feb. 24, 2011, 2:27 p.m.

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:L/Au:S/C:N/I:N/A:P

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

RHEL Desktop Workstation 5 (client)

ターボリナックス

Turbolinux Appliance Server 2.0

Turbolinux Appliance Server 3.0

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Client 2008

Turbolinux FUJI (延長メンテナンス)

Turbolinux Server 10 (延長メンテナンス)

Turbolinux Server 10 (x64) (延長メンテナンス)

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

MySQL AB

MySQL 5.1.49 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-3680	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
National Vulnerability Database (NVD)
2	CVE-2010-3680	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3680

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	mysql-5.0.77-4.4.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1290
MySQL
2	54044	http://bugs.mysql.com/bug.php?id=54044
MySQL Documentation
3	Changes in MySQL 5.1.49	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
Red Hat Security Advisory
4	RHSA-2010:0825	https://rhn.redhat.com/errata/RHSA-2010-0825.html
5	RHSA-2011:0164	https://rhn.redhat.com/errata/RHSA-2011-0164.html
Turbolinux Security Advisory
6	TLSA-2011-3	http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt

その他

No	Name	URL
ISS X-Force Database
1	64686	http://xforce.iss.net/xforce/xfdb/64686
Secunia Advisory
2	SA42936	http://secunia.com/advisories/42936
SecurityFocus
3	42598	http://www.securityfocus.com/bid/42598
VUPEN Security
4	VUPEN/ADV-2011-0170	http://www.vupen.com/english/advisories/2011/0170

Change Log

No	Changed Details	Date of change
0	[2011年02月07日] 掲載 [2011年02月24日] 影響を受けるシステム：ターボリナックス (TLSA-2011-3) の情報を追加ベンダ情報：ターボリナックス (TLSA-2011-3) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-3680

Summary	Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
Publication Date	Jan. 12, 2011, 5 a.m.
Registration Date	Jan. 29, 2021, 11:06 a.m.
Last Update	Nov. 21, 2024, 10:19 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mysql:mysql:5.1.23:::::::*
cpe:2.3:a:mysql:mysql:5.1.34:::::::*
cpe:2.3:a:mysql:mysql:5.1.37:::::::*
cpe:2.3:a:mysql:mysql:5.1.31:::::::*
cpe:2.3:a:mysql:mysql:5.1.32:::::::*
cpe:2.3:a:mysql:mysql:5.1.5:::::::*
cpe:2.3:a:oracle:mysql:5.1.39:::::::*
cpe:2.3:a:oracle:mysql:5.1.40:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.40:::::::*
cpe:2.3:a:oracle:mysql:5.1.41:::::::*
cpe:2.3:a:oracle:mysql:5.1.42:::::::*
cpe:2.3:a:oracle:mysql:5.1.43:::::::*
cpe:2.3:a:oracle:mysql:5.1.43:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.44:::::::*
cpe:2.3:a:oracle:mysql:5.1.45:::::::*
cpe:2.3:a:oracle:mysql:5.1.46:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.46:::::::*
cpe:2.3:a:oracle:mysql:5.1.47:::::::*
cpe:2.3:a:oracle:mysql:5.1.48:::::::*
cpe:2.3:a:oracle:mysql:5.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.2:::::::*
cpe:2.3:a:oracle:mysql:5.1.3:::::::*
cpe:2.3:a:oracle:mysql:5.1.4:::::::*
cpe:2.3:a:oracle:mysql:5.1.6:::::::*
cpe:2.3:a:oracle:mysql:5.1.7:::::::*
cpe:2.3:a:oracle:mysql:5.1.8:::::::*
cpe:2.3:a:oracle:mysql:5.1.9:::::::*
cpe:2.3:a:oracle:mysql:5.1.10:::::::*
cpe:2.3:a:oracle:mysql:5.1.11:::::::*
cpe:2.3:a:oracle:mysql:5.1.12:::::::*
cpe:2.3:a:oracle:mysql:5.1.13:::::::*
cpe:2.3:a:oracle:mysql:5.1.14:::::::*
cpe:2.3:a:oracle:mysql:5.1.15:::::::*
cpe:2.3:a:oracle:mysql:5.1.16:::::::*
cpe:2.3:a:oracle:mysql:5.1.17:::::::*
cpe:2.3:a:oracle:mysql:5.1.18:::::::*
cpe:2.3:a:oracle:mysql:5.1.24:::::::*
cpe:2.3:a:oracle:mysql:5.1.22:::::::*
cpe:2.3:a:oracle:mysql:5.1.21:::::::*
cpe:2.3:a:oracle:mysql:5.1.20:::::::*
cpe:2.3:a:oracle:mysql:5.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.1.37:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.34:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.31:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.23:a::::::
cpe:2.3:a:oracle:mysql:5.1.38:::::::*
cpe:2.3:a:oracle:mysql:5.1.36:::::::*
cpe:2.3:a:oracle:mysql:5.1.35:::::::*
cpe:2.3:a:oracle:mysql:5.1.33:::::::*
cpe:2.3:a:oracle:mysql:5.1.30:::::::*
cpe:2.3:a:oracle:mysql:5.1.29:::::::*
cpe:2.3:a:oracle:mysql:5.1.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.27:::::::*
cpe:2.3:a:oracle:mysql:5.1.26:::::::*
cpe:2.3:a:oracle:mysql:5.1.25:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.mysql.com/bug.php?id=54044
2	http://bugs.mysql.com/bug.php?id=54044
3	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
4	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
5	http://secunia.com/advisories/42875	Vendor Advisory
6	http://secunia.com/advisories/42875	Vendor Advisory
7	http://secunia.com/advisories/42936	Vendor Advisory
8	http://secunia.com/advisories/42936	Vendor Advisory
9	http://www.debian.org/security/2011/dsa-2143
10	http://www.debian.org/security/2011/dsa-2143
11	http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
12	http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
13	http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
14	http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
15	http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
16	http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
17	http://www.openwall.com/lists/oss-security/2010/09/28/10	Exploit
18	http://www.openwall.com/lists/oss-security/2010/09/28/10	Exploit
19	http://www.redhat.com/support/errata/RHSA-2010-0825.html
20	http://www.redhat.com/support/errata/RHSA-2010-0825.html
21	http://www.redhat.com/support/errata/RHSA-2011-0164.html
22	http://www.redhat.com/support/errata/RHSA-2011-0164.html
23	http://www.securityfocus.com/bid/42598
24	http://www.securityfocus.com/bid/42598
25	http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
26	http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
27	http://www.ubuntu.com/usn/USN-1017-1
28	http://www.ubuntu.com/usn/USN-1017-1
29	http://www.ubuntu.com/usn/USN-1397-1
30	http://www.ubuntu.com/usn/USN-1397-1
31	http://www.vupen.com/english/advisories/2011/0105	Vendor Advisory
32	http://www.vupen.com/english/advisories/2011/0105	Vendor Advisory
33	http://www.vupen.com/english/advisories/2011/0133	Vendor Advisory
34	http://www.vupen.com/english/advisories/2011/0133	Vendor Advisory
35	http://www.vupen.com/english/advisories/2011/0170	Vendor Advisory
36	http://www.vupen.com/english/advisories/2011/0170	Vendor Advisory
37	http://www.vupen.com/english/advisories/2011/0345	Vendor Advisory
38	http://www.vupen.com/english/advisories/2011/0345	Vendor Advisory
39	https://bugzilla.redhat.com/show_bug.cgi?id=628192	Exploit
40	https://bugzilla.redhat.com/show_bug.cgi?id=628192	Exploit
41	https://exchange.xforce.ibmcloud.com/vulnerabilities/64686
42	https://exchange.xforce.ibmcloud.com/vulnerabilities/64686

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mysql:mysql:5.1.23:::::::*
cpe:2.3:a:mysql:mysql:5.1.34:::::::*
cpe:2.3:a:mysql:mysql:5.1.37:::::::*
cpe:2.3:a:mysql:mysql:5.1.31:::::::*
cpe:2.3:a:mysql:mysql:5.1.32:::::::*
cpe:2.3:a:mysql:mysql:5.1.5:::::::*
cpe:2.3:a:oracle:mysql:5.1.39:::::::*
cpe:2.3:a:oracle:mysql:5.1.40:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.40:::::::*
cpe:2.3:a:oracle:mysql:5.1.41:::::::*
cpe:2.3:a:oracle:mysql:5.1.42:::::::*
cpe:2.3:a:oracle:mysql:5.1.43:::::::*
cpe:2.3:a:oracle:mysql:5.1.43:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.44:::::::*
cpe:2.3:a:oracle:mysql:5.1.45:::::::*
cpe:2.3:a:oracle:mysql:5.1.46:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.46:::::::*
cpe:2.3:a:oracle:mysql:5.1.47:::::::*
cpe:2.3:a:oracle:mysql:5.1.48:::::::*
cpe:2.3:a:oracle:mysql:5.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.1:::::::*
cpe:2.3:a:oracle:mysql:5.1.2:::::::*
cpe:2.3:a:oracle:mysql:5.1.3:::::::*
cpe:2.3:a:oracle:mysql:5.1.4:::::::*
cpe:2.3:a:oracle:mysql:5.1.6:::::::*
cpe:2.3:a:oracle:mysql:5.1.7:::::::*
cpe:2.3:a:oracle:mysql:5.1.8:::::::*
cpe:2.3:a:oracle:mysql:5.1.9:::::::*
cpe:2.3:a:oracle:mysql:5.1.10:::::::*
cpe:2.3:a:oracle:mysql:5.1.11:::::::*
cpe:2.3:a:oracle:mysql:5.1.12:::::::*
cpe:2.3:a:oracle:mysql:5.1.13:::::::*
cpe:2.3:a:oracle:mysql:5.1.14:::::::*
cpe:2.3:a:oracle:mysql:5.1.15:::::::*
cpe:2.3:a:oracle:mysql:5.1.16:::::::*
cpe:2.3:a:oracle:mysql:5.1.17:::::::*
cpe:2.3:a:oracle:mysql:5.1.18:::::::*
cpe:2.3:a:oracle:mysql:5.1.24:::::::*
cpe:2.3:a:oracle:mysql:5.1.22:::::::*
cpe:2.3:a:oracle:mysql:5.1.21:::::::*
cpe:2.3:a:oracle:mysql:5.1.20:::::::*
cpe:2.3:a:oracle:mysql:5.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.1.37:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.34:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.31:sp1::::::
cpe:2.3:a:oracle:mysql:5.1.23:a::::::
cpe:2.3:a:oracle:mysql:5.1.38:::::::*
cpe:2.3:a:oracle:mysql:5.1.36:::::::*
cpe:2.3:a:oracle:mysql:5.1.35:::::::*
cpe:2.3:a:oracle:mysql:5.1.33:::::::*
cpe:2.3:a:oracle:mysql:5.1.30:::::::*
cpe:2.3:a:oracle:mysql:5.1.29:::::::*
cpe:2.3:a:oracle:mysql:5.1.28:::::::*
cpe:2.3:a:oracle:mysql:5.1.27:::::::*
cpe:2.3:a:oracle:mysql:5.1.26:::::::*
cpe:2.3:a:oracle:mysql:5.1.25:::::::*