Vulnerability Name:

CVE-2007-3780 (CCN-35958)

Assigned:2007-07-04
Published:2007-07-04
Updated:2018-10-15
Summary:MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-noinfo
CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MISC
Type: UNKNOWN
http://bugs.mysql.com/bug.php?id=28984

Source: MITRE
Type: CNA
CVE-2007-3780

Source: CONFIRM
Type: UNKNOWN
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html

Source: CONFIRM
Type: Patch
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html

Source: CCN
Type: MySQL Web site
MySQL AB :: MySQL Downloads

Source: CCN
Type: MySQL Announcements List, July 12 2007 10:19am
MySQL Community Server 5.0.45 has been released!

Source: MLIST
Type: UNKNOWN
[announce] 20070712 MySQL Community Server 5.0.45 has been released!

Source: CCN
Type: rPath Security-Announce Mailing List, Tue Jul 17 08:24:47 EDT 2007
rPSA-2007-0143-1 mysql mysql-bench mysql-server

Source: OSVDB
Type: UNKNOWN
36732

Source: CCN
Type: RHSA-2007-0875
Important: mysql security update

Source: CCN
Type: RHSA-2007-0894
Important: mysql security update

Source: CCN
Type: SA25301
MySQL Denial of Service Vulnerability and Multiple Security Issues

Source: SECUNIA
Type: UNKNOWN
25301

Source: SECUNIA
Type: UNKNOWN
26073

Source: SECUNIA
Type: UNKNOWN
26430

Source: SECUNIA
Type: UNKNOWN
26498

Source: SECUNIA
Type: UNKNOWN
26621

Source: SECUNIA
Type: UNKNOWN
26710

Source: SECUNIA
Type: UNKNOWN
26987

Source: SECUNIA
Type: UNKNOWN
27155

Source: SECUNIA
Type: UNKNOWN
27823

Source: GENTOO
Type: UNKNOWN
GLSA-200708-10

Source: CCN
Type: SECTRACK ID: 1018629
MySQL Authentication Protocol Bug Lets Remote Users Deny Service

Source: CCN
Type: ASA-2007-381
MySQL security update (RHSA-2007-0875)

Source: CCN
Type: ASA-2007-382
MySQL security update (RHSA-2007-0894)

Source: DEBIAN
Type: UNKNOWN
DSA-1413

Source: DEBIAN
Type: DSA-1413
mysql -- multiple vulnerabilities

Source: CCN
Type: GLSA-200708-10
MySQL: Denial of Service and information leakage

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:177

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:019

Source: CCN
Type: OSVDB ID: 36732
MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0875

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0894

Source: BUGTRAQ
Type: UNKNOWN
20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server

Source: BID
Type: UNKNOWN
25017

Source: CCN
Type: BID-25017
MySQL Access Validation and Denial of Service Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018629

Source: CCN
Type: USN-528-1
MySQL vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2008-1000

Source: XF
Type: UNKNOWN
mysql-connection-dos(35958)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1536

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11058

Source: UBUNTU
Type: UNKNOWN
USN-528-1

Source: SUSE
Type: SUSE-SR:2007:019
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mysql:community_server:*:*:*:*:*:*:*:* (Version <= 5.0.41)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mysql:community_server:5.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:community_server:5.0.44:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20073780 | V | CVE-2007-3780 | 2015-11-16
    oval:org.mitre.oval:def:17461 | P | USN-528-1 -- mysql-dfsg-5.0 vulnerabilities | 2014-06-30
    oval:org.mitre.oval:def:20366 | P | DSA-1413-1 mysql - multiple | 2014-06-23
    oval:org.mitre.oval:def:22681 | P | ELSA-2007:0875: mysql security update (Important) | 2014-05-26
    oval:org.mitre.oval:def:11058 | V | MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. | 2013-04-29
    oval:com.redhat.rhsa:def:20070875 | P | RHSA-2007:0875: mysql security update (Important) | 2007-08-30
    mysql community server *
    mysql community server 5.0.41
    mysql community server 5.0.44
    gentoo linux *
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z