CVE-2008-3963 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3963
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3963

Description: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/45042 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html ST 1020858 SAID Secunia Advisory: SA32759 Secunia Advisory: SA34907 Secunia Advisory: SA31769 REDHAT http://www.redhat.com/support/errata/RHSA-2009-1067.html MLIST http://www.openwall.com/lists/oss-security/2008/09/09/7 http://www.openwall.com/lists/oss-security/2008/09/09/4 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 DEBIAN http://www.debian.org/security/2009/dsa-1783 CONFIRM http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://bugs.mysql.com/bug.php?id=35658

Return to the previous page.