Vulnerability Name:

CVE-2004-0956 (CCN-17768)

Assigned:2004-10-15
Published:2004-10-15
Updated:2019-12-17
Summary:MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: MySQL Bug #3870
Crash on FTS query

Source: CONFIRM
Type: UNKNOWN
http://bugs.mysql.com/bug.php?id=3870

Source: MITRE
Type: CNA
CVE-2004-0956

Source: CONFIRM
Type: UNKNOWN
http://lists.mysql.com/packagers/202

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200410-22

Source: SUSE
Type: UNKNOWN
SUSE-SR:2004:001

Source: CCN
Type: OSVDB ID: 10985
MySQL MATCH..AGAINST Query DoS

Source: CCN
Type: BID-11432
MySQL Remote FULLTEXT Search Denial Of Service Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0054
Multiple security vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2004-0054

Source: CCN
Type: USN-32-1
mysql vulnerabilities

Source: XF
Type: UNKNOWN
mysql-match-against-dos(17768)

Source: XF
Type: UNKNOWN
mysql-match-against-dos(17768)

Source: SUSE
Type: SUSE-SR:2004:001
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.20:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
  • AND
  • cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040956
    V
    		CVE-2004-0956
    2015-11-16
    BACK
    oracle mysql 4.0.0
    oracle mysql 4.0.1
    oracle mysql 4.0.2
    oracle mysql 4.0.3
    oracle mysql 4.0.4
    oracle mysql 4.0.5
    oracle mysql 4.0.5a
    oracle mysql 4.0.6
    oracle mysql 4.0.7
    oracle mysql 4.0.7 gamma
    oracle mysql 4.0.8
    oracle mysql 4.0.8 gamma
    oracle mysql 4.0.9
    oracle mysql 4.0.9 gamma
    oracle mysql 4.0.10
    oracle mysql 4.0.11
    oracle mysql 4.0.11 gamma
    oracle mysql 4.0.12
    oracle mysql 4.0.13
    oracle mysql 4.0.14
    oracle mysql 4.0.15
    oracle mysql 4.0.18
    oracle mysql 4.0.20
    suse suse linux 8.0
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    suse suse linux 9.2
    ubuntu ubuntu linux 4.1
    ubuntu ubuntu linux 4.1
    mysql mysql 4.0.20
    trustix secure linux 1.5
    trustix secure linux 2.0
    trustix secure linux 2.1