Vulnerability CVE-2007-2583 - CERT Civis.Net

Vulnerability Name:

CVE-2007-2583 (CCN-34232)

Assigned:

2007-03-29

Published:

2007-03-29

Updated:

2021-11-08

Summary:

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

CVSS v3 Severity:

3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: MySQL Bug #27513
mysql 5.0.x + NULL pointer DoS

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
http://bugs.mysql.com/bug.php?id=27513

Source: MITRE
Type: CNA
CVE-2007-2583

Source: CONFIRM
Type: Vendor Advisory
http://lists.mysql.com/commits/23685

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SR:2008:003

Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html

Source: CCN
Type: RHSA-2008-0364
Low: mysql security and bug fix update

Source: CCN
Type: SA25188
MySQL IF Query Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
25188

Source: SECUNIA
Type: Patch, Vendor Advisory
25196

Source: SECUNIA
Type: Vendor Advisory
25255

Source: SECUNIA
Type: Vendor Advisory
25389

Source: SECUNIA
Type: Vendor Advisory
25946

Source: SECUNIA
Type: Vendor Advisory
27155

Source: SECUNIA
Type: Vendor Advisory
27823

Source: SECUNIA
Type: Vendor Advisory
28838

Source: SECUNIA
Type: Vendor Advisory
30351

Source: GENTOO
Type: Third Party Advisory
GLSA-200705-11

Source: DEBIAN
Type: Patch, Third Party Advisory
DSA-1413

Source: DEBIAN
Type: DSA-1413
mysql -- multiple vulnerabilities

Source: EXPLOIT-DB
Type: Third Party Advisory, VDB Entry
30020

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2007:139

Source: CCN
Type: MySQL Web site
MySQL AB :: The world's most popular open source database

Source: OSVDB
Type: Broken Link
34734

Source: CCN
Type: OSVDB ID: 34734
MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS

Source: REDHAT
Type: Vendor Advisory
RHSA-2008:0364

Source: BID
Type: Third Party Advisory, VDB Entry, Vendor Advisory
23911

Source: CCN
Type: BID-23911
MySQL IF Query Handling Remote Denial Of Service Vulnerability

Source: TRUSTIX
Type: Broken Link
2007-0017

Source: CCN
Type: USN-528-1
MySQL vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2007-1731

Source: XF
Type: Third Party Advisory, VDB Entry
mysql-if-dos(34232)

Source: XF
Type: UNKNOWN
mysql-if-dos(34232)

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1356

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:9930

Source: CCN
Type: Packet Storm Security [12-05-2013]
MySQL 5.0.x Denial Of Service

Source: UBUNTU
Type: Third Party Advisory
USN-528-1

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [12-04-2013]

Source: SUSE
Type: SUSE-SR:2008:003
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version < 5.0.40)

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.1 and <= 5.1.17)

Configuration 2:

cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.10:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.15:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.16:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.17:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.1:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.20:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.22:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.24:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.27:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.33:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.37:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.3:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.4:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20072583	V	CVE-2007-2583	2015-11-16
oval:org.mitre.oval:def:17461	P	USN-528-1 -- mysql-dfsg-5.0 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:20366	P	DSA-1413-1 mysql - multiple	2014-06-23
oval:org.mitre.oval:def:22310	P	ELSA-2008:0364: mysql security and bug fix update (Low)	2014-05-26
oval:org.mitre.oval:def:9930	V	The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.	2013-04-29
oval:com.redhat.rhsa:def:20080364	P	RHSA-2008:0364: mysql security and bug fix update (Low)	2008-05-21
oval:org.debian:def:1413	V	multiple vulnerabilities	2007-11-26