CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Percentile: 98.5%
CentOS Errata and Security Advisory CESA-2007:0875
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld) and
many different client programs and libraries.

A flaw was discovered in MySQL’s authentication protocol. It is possible
for a remote unauthenticated attacker to send a specially crafted
authentication request to the MySQL server, causing it to crash. (CVE-2007-3780)

All users of the MySQL server are advised to upgrade to these updated
packages, which contain a backported patch that fixes this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-August/076317.html
https://lists.centos.org/pipermail/centos-announce/2007-August/076318.html
https://lists.centos.org/pipermail/centos-announce/2007-August/076319.html
https://lists.centos.org/pipermail/centos-announce/2007-August/076320.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076321.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076322.html
Affected packages:
mysql
mysql-bench
mysql-devel
mysql-server
mysql-test
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0875
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | mysql | < 4.1.20-2.RHEL4.1.0.1 | mysql-4.1.20-2.RHEL4.1.0.1.ia64.rpm |
CentOS | 4 | ia64 | mysql-bench | < 4.1.20-2.RHEL4.1.0.1 | mysql-bench-4.1.20-2.RHEL4.1.0.1.ia64.rpm |
CentOS | 4 | ia64 | mysql-devel | < 4.1.20-2.RHEL4.1.0.1 | mysql-devel-4.1.20-2.RHEL4.1.0.1.ia64.rpm |
CentOS | 4 | ia64 | mysql-server | < 4.1.20-2.RHEL4.1.0.1 | mysql-server-4.1.20-2.RHEL4.1.0.1.ia64.rpm |
CentOS | 5 | i386 | mysql | < 5.0.22-2.1.0.1 | mysql-5.0.22-2.1.0.1.i386.rpm |
CentOS | 5 | i386 | mysql-bench | < 5.0.22-2.1.0.1 | mysql-bench-5.0.22-2.1.0.1.i386.rpm |
CentOS | 5 | i386 | mysql-devel | < 5.0.22-2.1.0.1 | mysql-devel-5.0.22-2.1.0.1.i386.rpm |
CentOS | 5 | i386 | mysql-server | < 5.0.22-2.1.0.1 | mysql-server-5.0.22-2.1.0.1.i386.rpm |
CentOS | 5 | i386 | mysql-test | < 5.0.22-2.1.0.1 | mysql-test-5.0.22-2.1.0.1.i386.rpm |