CVE-2009-4019 PUBLISHED

## Snort IDS/IPS Mitigation Rules (2 rules)

The following Emerging Threats Snort rules detect exploitation of this vulnerability:

### Rule 1: SID 2010491 (rev 2)

**ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt**

> **Note:** This rule is currently disabled in the Emerging Threats ruleset.

```snort
#alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt"; flow:to_server,established; content:"SELECT"; nocase; content:"geometrycollectionfromwkb"; distance:0; nocase; pcre:"/SELECT.+geometrycollectionfromwkb/si"; reference:url,www.securityfocus.com/bid/37297/info; reference:url,marc.info/?l=oss-security&m=125881733826437&w=2; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/37297.txt; reference:cve,2009-4019; classtype:attempted-dos; sid:2010491; rev:2; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2010_07_30;)
```

---

### Rule 2: SID 2010492 (rev 3)

**ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt**

> **Note:** This rule is currently disabled in the Emerging Threats ruleset.

```snort
#alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt"; flow:to_server,established; content:"SELECT"; nocase; content:"WHERE"; distance:0; nocase; content:"SELECT"; nocase; content:"INTO"; distance:0; nocase; content:"|60|"; within:50; content:"|60|"; pcre:"/SELECT.+WHERE.+SELECT.+\x60/si"; reference:url,www.securityfocus.com/bid/37297/info; reference:url,marc.info/?l=oss-security&m=125881733826437&w=2; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/37297-2.txt; reference:cve,2009-4019; classtype:attempted-dos; sid:2010492; rev:3; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2010_07_30;)
```

### Implementation Steps

1. Deploy these rules to your Snort/Suricata IDS/IPS sensors
2. Ensure all rules are enabled in your sensor configuration
3. Monitor for alerts matching the above SIDs
4. For IPS mode, consider changing action from `alert` to `drop`
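
One way to carry out steps 2 and 4 on a local rules file, as an added example that is not part of the original page or of the Emerging Threats project. The function name `enable_rules`, its parameters and the sample rule lines are assumptions made for illustration, and the sample rule bodies are shortened.

```python
import re

# Optional leading '#' (disabled rule), then the action keyword, then the rest.
RULE_RE = re.compile(r"^(?:#\s*)?(?P<action>alert|drop)\b(?P<rest>.*)$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def enable_rules(rules_text, sids, ips_mode=False):
    """Uncomment the rules whose SID is in `sids`; with ips_mode=True also
    rewrite their action to `drop`. Returns (new_text, changed_sids)."""
    wanted = {int(s) for s in sids}
    out, changed = [], []
    for line in rules_text.splitlines():
        stripped = line.strip()
        rule = RULE_RE.match(stripped)
        sid = SID_RE.search(stripped)
        if rule and sid and int(sid.group(1)) in wanted:
            action = "drop" if ips_mode else rule.group("action")
            new_line = action + rule.group("rest")
            if new_line != stripped:
                changed.append(int(sid.group(1)))
            out.append(new_line)
        else:
            out.append(line)  # other rules and comments pass through untouched
    return "\n".join(out) + "\n", changed

# Constructed sample: the two SIDs from this page with rule bodies shortened,
# plus one made-up rule (sid 9000001) that must stay disabled.
SAMPLE_RULES = """\
#alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"ET DOS rule one (shortened)"; sid:2010491; rev:2;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"ET DOS rule two (shortened)"; sid:2010492; rev:3;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"constructed unrelated rule"; sid:9000001; rev:1;)
"""

if __name__ == "__main__":
    text, changed = enable_rules(SAMPLE_RULES, [2010491, 2010492], ips_mode=True)
    print(text, end="")
    print("changed SIDs:", changed)
```

Both rules are tagged `confidence Medium`, and Rule 1 matches any `SELECT` that is followed by `geometrycollectionfromwkb`, so run them in `alert` mode and review the hits before passing `ips_mode=True`.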

EPSS 7.67% · 91.8th percentile
