MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities Network Vulnerability

Summary

The host is running MySQL and is prone to Multiple Format String vulnerabilities.

Impact

Successful exploitation could allow remote authenticated users to cause a Denial of Service and possibly have unspecified other attacks. Impact Level: Application

Solution

Upgrade to MySQL version 5.1.36 or later http://dev.mysql.com/downloads

Insight

The flaws are due to error in the 'dispatch_command' function in sql_parse.cc in libmysqld/ which can caused via format string specifiers in a database name in a 'COM_CREATE_DB' or 'COM_DROP_DB' request.

Affected

MySQL version 4.0.0 to 5.0.83 on all running platform.

References

http://secunia.com/advisories/35767
http://www.osvdb.org/55734
http://www.securityfocus.com/archive/1/archive/1/504799/100/0/threaded
http://xforce.iss.net/xforce/xfdb/51614

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2446
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Apple Safari Multiple Vulnerabilities June-09 (Win) - I
AnalogX SimpleServer:WWW DoS
Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux)
ClamAV Multiple Vulnerabilities (Win)
Adobe Reader PDF Handling Denial Of Service Vulnerability (Linux)

Take action and discover your vulnerabilities