MySQL XPath Expression Remote Denial Of Service Vulnerability
Written by Shane Bester   
Tuesday, 10 March 2009 20:06


-\\Bugtraq ID:
33972

-\\Class:
Design Error

-\\CVE:
CVE-2009-0819


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Feb 14 2009 12:00AM

-\\Updated:
Mar 10 2009 02:36PM

-\\Credit:
Shane Bester



-\\Vulnerable:
MySQL AB MySQL 6.0.9
MySQL AB MySQL 6.0.8
MySQL AB MySQL 6.0.7
MySQL AB MySQL 6.0.6
MySQL AB MySQL 6.0.4
MySQL AB MySQL 6.0.3
MySQL AB MySQL 6.0.2
MySQL AB MySQL 6.0.1
MySQL AB MySQL 6.0
MySQL AB MySQL 5.1.31
MySQL AB MySQL 5.1.30
MySQL AB MySQL 5.1.26
MySQL AB MySQL 5.1.23
MySQL AB MySQL 5.1.22
MySQL AB MySQL 5.1.18
MySQL AB MySQL 5.1.17
MySQL AB MySQL 5.1.16
MySQL AB MySQL 5.1.15
MySQL AB MySQL 5.1.14
MySQL AB MySQL 5.1.13
MySQL AB MySQL 5.1.12
MySQL AB MySQL 5.1.11
MySQL AB MySQL 5.1.10
MySQL AB MySQL 5.1.9
MySQL AB MySQL 5.1.6
MySQL AB MySQL 5.1.5



-\\Not Vulnerable:
MySQL AB MySQL 5.1.32



-\\Discussion
MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain XPath expressions.

An attacker can exploit this issue to crash the application, denying access to legitimate users.

This issue affects:

MySQL 5.1.31 and earlier
MySQL 6.0.9 and earlier



-\\Exploit(s)/PoC(s):
The following proof-of-concept queries are available:

select updatexml('','0/a','');
select extractvalue('','0/a');



-\\Solution
The vendor has released updates. Please see the references for more information.
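
Added example (not part of the original advisory or of MySQL's own code): a triage helper that checks a server's VERSION() string against the affected ranges listed above and scans query-log lines for ExtractValue()/UpdateXML() calls whose XPath argument has the same shape as the proof-of-concept. The shape heuristic (a numeric literal followed by a path step), the treatment of series other than 5.1 and 6.0 as out of scope, and the sample log lines are assumptions made for this example.

```python
import re

# Affected series per the advisory: 5.1.x up to 5.1.31 and 6.0.x up to 6.0.9.
# Assumption: other series (e.g. 5.0) are outside the advisory's Vulnerable list.
LAST_AFFECTED = {(5, 1): 31, (6, 0): 9}

# ExtractValue(xml, xpath) / UpdateXML(xml, xpath, new): the XPath is the 2nd argument.
_STR = r"'((?:[^'\\]|\\.|'')*)'"
CALL_RE = re.compile(r"\b(extractvalue|updatexml)\s*\(\s*" + _STR + r"\s*,\s*" + _STR, re.I)

# Assumption: heuristic generalising the PoC's '0/a' (numeric literal, then a path step).
SUSPECT_XPATH_RE = re.compile(r"^\s*\d+(?:\.\d+)?\s*/")


def is_affected(version):
    """True if a VERSION() string such as '5.1.31-community-log' is in an affected range."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    last = LAST_AFFECTED.get((major, minor))
    return last is not None and patch <= last


def suspicious_calls(log_lines):
    """Return (line_no, function, xpath) for calls whose XPath matches the PoC shape."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        for m in CALL_RE.finditer(line):
            if SUSPECT_XPATH_RE.match(m.group(3)):
                hits.append((no, m.group(1).lower(), m.group(3)))
    return hits


# Constructed sample lines in the style of a general query log (not from the advisory).
SAMPLE_LOG = [
    "42 Query select extractvalue('<a><b>x</b></a>','/a/b')",
    "42 Query select extractvalue('','0/a')",
    "43 Query SELECT UpdateXML('', '0/a', '')",
    "44 Query select updatexml('<a/>','/a','<b/>')",
]

if __name__ == "__main__":
    for v in ("5.1.31-community", "5.1.32", "6.0.9-alpha"):
        print(v, "affected" if is_affected(v) else "not affected")
    for hit in suspicious_calls(SAMPLE_LOG):
        print("line %d: %s() with XPath %r" % hit)
```

A hit on an affected version is a reason to prioritise the upgrade to 5.1.32; the regular expression only sees single-quoted literal arguments, so calls built from variables or double-quoted strings need separate review.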



-\\Reference(s)
--Bug #42495
http://bugs.mysql.com/bug.php?id=4249  (MySQL AB)
--C.1.1. Changes in MySQL 5.1.32 (14 February 2009)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.htm  (MySQL AB)
--MySQL Homepage
http://www.mysql.com  (MySQL AB)
 
