Vulnerability CVE-2013-0389 - CERT Civis.Net

Vulnerability Name:

CVE-2013-0389 (CCN-81312)

Assigned:

2012-12-07

Published:

2013-01-15

Updated:

2022-06-30

Summary:

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVSS v3 Severity:

5.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2013-0389

Source: CCN
Type: RHSA-2013-0219
Moderate: mysql security update

Source: REDHAT
Type: Broken Link
RHSA-2013:0219

Source: CCN
Type: SA51894
Oracle MySQL Server Multiple Vulnerabilities

Source: CCN
Type: SA52015
MariaDB Multiple Vulnerabilities

Source: SECUNIA
Type: Not Applicable
53372

Source: GENTOO
Type: Third Party Advisory
GLSA-201308-06

Source: MANDRIVA
Type: Broken Link
MDVSA-2013:150

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - January 2013

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

Source: CCN
Type: BID-57417
Oracle MySQL Server CVE-2013-0389 Remote Security Vulnerability

Source: UBUNTU
Type: Third Party Advisory
USN-1703-1

Source: XF
Type: UNKNOWN
oracle-cpujan2013-cve20130389-dos(81312)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:16825

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-0389

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.1.0 and <= 5.1.66)

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.5.0 and <= 5.5.28)

Configuration 2:

cpe:/a:mariadb:mariadb:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 5.2.0 and < 5.2.14)

OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 5.3.0 and < 5.3.12)

OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 5.5.0 and < 5.5.29)

OR cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 5.1.0 and < 5.1.67)

Configuration 3:

cpe:/o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

OR cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:mysql:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.16:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.17:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.23:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:5.1.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.30:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.32:bzr:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.23:bk:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.22:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.23:a:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:5.1.5:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.18:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.19:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.20:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.45:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.44:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.43:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.42:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.41:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.40:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.39:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.38:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.37:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.36:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.35:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.34:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.33:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.32:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.31:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.46:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.47:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.48:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.49:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.50:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.23:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.24:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.25:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.26:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.27:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.28:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.29:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.31:sp1:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.34:sp1:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.37:sp1:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.40:sp1:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.43:sp1:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.46:sp1:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.49:sp1:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.51:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.52:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.53:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.54:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.55:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.56:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.57:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.58:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.59:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.60:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.61:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.15:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.16:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.17:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.18:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.19:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.20:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.9:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.7:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.23:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.22:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.62:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.64:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.63:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.26:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.24:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.25:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.25:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.65:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.27:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.66:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.5.28:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:16825	V	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS)	2015-06-01
oval:org.mitre.oval:def:18161	P	USN-1703-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:23738	P	ELSA-2013:0219: mysql security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21000	P	RHSA-2013:0219: mysql security update (Moderate)	2014-02-17
oval:com.redhat.rhsa:def:20130219	P	RHSA-2013:0219: mysql security update (Moderate)	2013-01-31
oval:com.ubuntu.precise:def:20130389000	V	CVE-2013-0389 on Ubuntu 12.04 LTS (precise) - medium.	2013-01-16