CVE-2004-0837 — LOW (2.6) — White Hats Nepal

Q: What is CVE-2004-0837?

CVE-2004-0837 is a vulnerability with a CVSS score of 2.6 (LOW). MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

Q: How severe is CVE-2004-0837?

CVE-2004-0837 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-0837?

Check the references section above for vendor advisories and patch information. Affected products include: Mysql Mysql, Oracle Mysql, Debian Debian Linux.

Vulnerability Description

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

CVSS Score

2.6

LOW

AV:N/AC:H/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mysql	Mysql	4.1.0
Oracle	Mysql	>= 3.20, < 3.23.49
Debian	Debian Linux	3.0

References

http://bugs.mysql.com/2408ExploitVendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892Broken Link
http://lists.mysql.com/internals/16168Vendor Advisory
http://lists.mysql.com/internals/16173Vendor Advisory
http://lists.mysql.com/internals/16174Vendor Advisory
http://marc.info/?l=bugtraq&m=110140517515735&w=2Mailing ListThird Party Advisory
http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c%401.15
http://secunia.com/advisories/12783/Third Party Advisory
http://securitytracker.com/id?1011606Third Party AdvisoryVDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1Broken Link
http://www.ciac.org/ciac/bulletins/p-018.shtmlBroken Link
http://www.debian.org/security/2004/dsa-562Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-597.htmlPatchVendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-611.htmlThird Party Advisory

FAQ

What is CVE-2004-0837?

CVE-2004-0837 is a vulnerability with a CVSS score of 2.6 (LOW). MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

How severe is CVE-2004-0837?

CVE-2004-0837 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0837?

Check the references section above for vendor advisories and patch information. Affected products include: Mysql Mysql, Oracle Mysql, Debian Debian Linux.