Vulnerability CVE-2009-0819 - CERT Civis.Net

Vulnerability Name:

CVE-2009-0819 (CCN-49050)

Assigned:

2009-02-14

Published:

2009-02-14

Updated:

2019-12-17

Summary:

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: MySQL Bugs: #42495
updatexml: Assertion failed: xpath->context, file .\item_xmlfunc.cc, line 2507

Source: CONFIRM
Type: Patch, Vendor Advisory
http://bugs.mysql.com/bug.php?id=42495

Source: MITRE
Type: CNA
CVE-2009-0819

Source: CCN
Type: MySQL Web site
C.1.1. Changes in MySQL 5.1.32 (14 February 2009)

Source: CONFIRM
Type: Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html

Source: CONFIRM
Type: UNKNOWN
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html

Source: CCN
Type: SA34115
MySQL "ExtractValue()" and "UpdateXML()" Scalar XPath Denial of Service

Source: SECUNIA
Type: Vendor Advisory
34115

Source: CCN
Type: SECTRACK ID: 1021786
MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service

Source: CCN
Type: OSVDB ID: 52453
MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS

Source: BID
Type: Exploit
33972

Source: CCN
Type: BID-33972
MySQL XPath Expression Remote Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021786

Source: VUPEN
Type: Vendor Advisory
ADV-2009-0594

Source: XF
Type: UNKNOWN
mysql-xpath-dos(49050)

Source: XF
Type: UNKNOWN
mysql-xpath-dos(49050)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7544

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:mysql:5.1.23:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.31:-:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:*:*:*:*:*:*:*:* (Version <= 5.1.32-bzr)

OR cpe:/a:mysql:mysql:6.0.9:*:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:6.0.10-bzr:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.16:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.17:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.18:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.19:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.20:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.22:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.23:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.24:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.25:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.26:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.27:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.28:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.29:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.30:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.31:sp1:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:6.0.4:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.30:*:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:6.0.9:*:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:6.0.10-bzr:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.32:bzr:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:7544	V	MySQL 6.0 and 5.1 XPath Expression DOS Vulnerability	2013-11-11