Signature Detail
Short Name |
DB:MYSQL:MYSQL-IFDOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
MySQL IF Query Handling Remote Denial Of Service Vulnerability |
Release Date |
2007/06/13 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DB: MySQL IF Query Handling Remote Denial Of Service Vulnerability
This signature detects attempts to exploit a known vulnerability against MySQL Database. A successful attack can result in a denial-of-service condition.
Extended Description
MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. An attacker can exploit this issue to crash the application, denying access to legitimate users. NOTE: An attacker must be able to execute arbitrary SELECT statements against the database to exploit this issue. This may be through legitimate means or by exploiting other latent SQL-injection vulnerabilities. Versions prior to MySQL 5.0.40 are vulnerable.
Affected Products
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Linux Mandrake 2007.0
- Mandriva Linux Mandrake 2007.0 X86 64
- Mandriva Linux Mandrake 2007.1
- Mandriva Linux Mandrake 2007.1 X86 64
- MySQL AB MySQL 5.0
- MySQL AB MySQL 5.0.0 .0-0
- MySQL AB MySQL 5.0.0 .0-Alpha
- MySQL AB MySQL 5.0.1
- MySQL AB MySQL 5.0.18
- MySQL AB MySQL 5.0.19
- MySQL AB MySQL 5.0.2
- MySQL AB MySQL 5.0.20
- MySQL AB MySQL 5.0.21
- MySQL AB MySQL 5.0.22
- MySQL AB MySQL 5.0.22 -1-0.1
- MySQL AB MySQL 5.0.24
- MySQL AB MySQL 5.0.27
- MySQL AB MySQL 5.0.3
- MySQL AB MySQL 5.0.32
- MySQL AB MySQL 5.0.33
- MySQL AB MySQL 5.0.36
- MySQL AB MySQL 5.0.37
- MySQL AB MySQL 5.0.38
- MySQL AB MySQL 5.0.39
- MySQL AB MySQL 5.0.4
- Pardus Linux 2007.1
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- rPath rPath Linux 1
- SuSE Linux 10.0 Ppc
- SuSE Linux 10.0 X86
- SuSE Linux 10.0 X86-64
- SuSE Linux 10.1 Ppc
- SuSE Linux 10.1 X86
- SuSE Linux 10.1 X86-64
- SuSE Linux Desktop 1.0.0
- SuSE Novell Linux Desktop 9.0.0
- SuSE Novell Linux POS 9
- SuSE Open-Enterprise-Server
- SuSE openSUSE 10.2
- SuSE openSUSE 10.3
- SuSE SUSE Linux Enterprise Desktop 10 SP1
- SuSE SUSE Linux Enterprise SDK 10 SP1
- SuSE SUSE Linux Enterprise Server 10 SP1
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE SuSE Linux Openexchange Server 4.0.0
- SuSE SUSE LINUX Retail Solution 8.0.0
- SuSE SuSE Linux School Server for i386
- SuSE SuSE Linux Standard Server 8.0.0
- SuSE UnitedLinux 1.0.0
- Trustix Secure Linux 3.0.5
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 6.10 Amd64
- Ubuntu Ubuntu Linux 6.10 I386
- Ubuntu Ubuntu Linux 6.10 Powerpc
- Ubuntu Ubuntu Linux 6.10 Sparc
- Ubuntu Ubuntu Linux 7.04 Amd64
- Ubuntu Ubuntu Linux 7.04 I386
- Ubuntu Ubuntu Linux 7.04 Powerpc
- Ubuntu Ubuntu Linux 7.04 Sparc
References
- BugTraq: 23911
- CVE: CVE-2007-2583
- URL: http://bugs.mysql.com/bug.php?id=27513