PT-2006-4344 · Mysql Server+1

Jean-David Maillefer · Published 2006-07-18 · Updated 2019-12-17 · CVE-2006-3469

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

MySQL Server versions 4.1 before 4.1.21
MySQL Server versions 5.0 before 5.0.21

Description

A format string issue in the time.cc component allows remote authenticated users to cause a denial of service by providing a format string instead of a date as the first parameter to the date format function. This input is later used in a formatted print call to display an error message, leading to a potential crash.

Recommendations

For MySQL Server versions 4.1 before 4.1.21, update to version 4.1.21 or later.
For MySQL Server versions 5.0 before 5.0.21, update to version 5.0.21 or later.
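
The bug class in the Description, shown as an added C example (constructed for illustration; this is not MySQL's time.cc code, and the function names and message text are assumptions). It keeps the user-supplied value as an argument to a constant format string, and includes a check that flags conversion directives in a value expected to be a date.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class; not MySQL source code. */
#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Hypothetical warning sink. The attribute lets -Wformat-security
 * flag callers that pass a non-literal format string. */
static int log_warning(char *out, size_t len, const char *fmt, ...) PRINTF_LIKE(3, 4);

static int log_warning(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return (n >= 0 && (size_t)n < len) ? n : -1; /* -1 on error or truncation */
}

/* Vulnerable pattern (left as a comment): the user value IS the format.
 *     log_warning(out, len, user_value);
 * Hardened form: constant format, user value passed only as data. */
int report_bad_date(char *out, size_t len, const char *user_value)
{
    return log_warning(out, len, "Bad date value: '%s'", user_value);
}

/* Input check: count printf-style directives; "%%" is a literal percent. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    char msg[128];
    const char *input = "%s%s%s"; /* constructed sample input */
    if (report_bad_date(msg, sizeof msg, input) > 0)
        printf("%s (directives in input: %d)\n", msg, count_format_directives(input));
    return 0;
}
```
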

Exploit

Fix

DoS

Use of Externally-Controlled Format String


Weakness Enumeration

Related Identifiers

CVE-2006-3469
DSA-1112
RHSA-2008:0768
RHSA-2008_0768

Affected Products

Mysql Server
Red Hat