Vulnerability Name:

CVE-2006-4380 (CCN-28202)

Assigned:2005-05-28
Published:2005-05-28
Updated:2017-10-11
Summary:MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
CVSS v3 Severity:5.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CONFIRM
Type: Exploit
http://bugs.mysql.com/10442

Source: CCN
Type: MySQL Bug #10442
Server crashing bug on replication slaves

Source: MITRE
Type: CNA
CVE-2006-4380

Source: CCN
Type: MySQL Web site
MySQL AB :: MySQL 4.1 Downloads

Source: CONFIRM
Type: Patch
http://lists.mysql.com/internals/26123

Source: CCN
Type: RHSA-2006-0544
mysql security update

Source: SECUNIA
Type: Vendor Advisory
21712

Source: SECUNIA
Type: Vendor Advisory
21762

Source: CCN
Type: SECTRACK ID: 1016790
MySQL Replication Error Lets Local Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1016790

Source: DEBIAN
Type: UNKNOWN
DSA-1169

Source: DEBIAN
Type: DSA-1169
mysql-dfsg-4.1 -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:158

Source: CCN
Type: OSVDB ID: 28296
MySQL Crafted multiupdate / subselects Query Local DoS

Source: BID
Type: UNKNOWN
19794

Source: CCN
Type: BID-19794
MySQL Multiupdate and Subselects Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
mysql-multiupdate-subselect-dos(28202)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10686

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:mysql:4.1.13:-:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:mysql:3.23.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.29:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.27:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.20:beta:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.49:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.13:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.20:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.20.32a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.26:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.28:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.30:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.32:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.17:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.20:beta:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.23:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.24:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.25:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.26:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.27:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.28:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.29:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.30:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.31:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.32:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.33:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.34:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.35:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.36:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.37:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.38:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.39:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.40:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.41:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.42:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.43:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.44:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.45:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.46:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.47:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.50:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.51:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.55:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.56:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.57:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.58:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.59:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.10:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.10:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.12:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.12:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.13:a:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:10686
    V
    		MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
    2013-04-29
    oval:org.debian:def:1169
    V
    		several vulnerabilities
    2006-09-05
    oval:com.redhat.rhsa:def:20060544
    P
    		RHSA-2006:0544: mysql security update (Important)
    2006-06-09
    BACK
    mysql mysql 4.1.13
    mysql mysql 3.23.8
    mysql mysql 3.22.29
    mysql mysql 3.22.27
    mysql mysql 3.23.20 beta
    mysql mysql 3.23.49
    mysql mysql 3.23.54
    mysql mysql 3.23
    mysql mysql 4.0.18
    mysql mysql 4.0.20
    mysql mysql 4.0.17
    mysql mysql 4.0.23
    mysql mysql 4.0.25
    mysql mysql 4.1.13
    mysql mysql 3.20
    mysql mysql 3.20.32a
    mysql mysql 3.21
    mysql mysql 3.22
    mysql mysql 3.22.26
    mysql mysql 3.22.28
    mysql mysql 3.22.30
    mysql mysql 3.22.32
    mysql mysql 3.23.0 alpha
    mysql mysql 3.23.1
    mysql mysql 3.23.10
    mysql mysql 3.23.11
    mysql mysql 3.23.12
    mysql mysql 3.23.13
    mysql mysql 3.23.14
    mysql mysql 3.23.15
    mysql mysql 3.23.16
    mysql mysql 3.23.17
    mysql mysql 3.23.18
    mysql mysql 3.23.19
    mysql mysql 3.23.2
    mysql mysql 3.23.20 beta
    mysql mysql 3.23.21
    mysql mysql 3.23.22
    mysql mysql 3.23.23
    mysql mysql 3.23.24
    mysql mysql 3.23.25
    mysql mysql 3.23.26
    mysql mysql 3.23.27
    mysql mysql 3.23.28
    mysql mysql 3.23.28 gamma
    mysql mysql 3.23.29
    mysql mysql 3.23.3
    mysql mysql 3.23.30
    mysql mysql 3.23.31
    mysql mysql 3.23.32
    mysql mysql 3.23.33
    mysql mysql 3.23.34
    mysql mysql 3.23.35
    mysql mysql 3.23.36
    mysql mysql 3.23.37
    mysql mysql 3.23.38
    mysql mysql 3.23.39
    mysql mysql 3.23.4
    mysql mysql 3.23.40
    mysql mysql 3.23.41
    mysql mysql 3.23.42
    mysql mysql 3.23.43
    mysql mysql 3.23.44
    mysql mysql 3.23.45
    mysql mysql 3.23.46
    mysql mysql 3.23.47
    mysql mysql 3.23.48
    mysql mysql 3.23.5
    mysql mysql 3.23.50
    mysql mysql 3.23.51
    mysql mysql 3.23.52
    mysql mysql 3.23.53
    mysql mysql 3.23.53a
    mysql mysql 3.23.54a
    mysql mysql 3.23.55
    mysql mysql 3.23.56
    mysql mysql 3.23.57
    mysql mysql 3.23.58
    mysql mysql 3.23.59
    mysql mysql 3.23.6
    mysql mysql 3.23.7
    mysql mysql 3.23.9
    mysql mysql 4.0.0
    mysql mysql 4.0.1
    mysql mysql 4.0.10
    mysql mysql 4.0.11
    mysql mysql 4.0.11 gamma
    mysql mysql 4.0.12
    mysql mysql 4.0.13
    mysql mysql 4.0.14
    mysql mysql 4.0.15
    mysql mysql 4.0.16
    mysql mysql 4.0.19
    mysql mysql 4.0.2
    mysql mysql 4.0.21
    mysql mysql 4.0.24
    mysql mysql 4.0.26
    mysql mysql 4.0.27
    mysql mysql 4.0.3
    mysql mysql 4.0.4
    mysql mysql 4.0.5
    mysql mysql 4.0.5a
    mysql mysql 4.0.6
    mysql mysql 4.0.7
    mysql mysql 4.0.7 gamma
    mysql mysql 4.0.8
    mysql mysql 4.0.8 gamma
    mysql mysql 4.0.9
    mysql mysql 4.0.9 gamma
    mysql mysql 4.1
    mysql mysql 4.1.0
    mysql mysql 4.1.0.0
    mysql mysql 4.1.0 alpha
    mysql mysql 4.1.1
    mysql mysql 4.1.10
    mysql mysql 4.1.10a
    mysql mysql 4.1.11
    mysql mysql 4.1.12
    mysql mysql 4.1.12a
    mysql mysql 4.1.13a
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006