LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

mysql: denial of service and "unspecified other impact"

Package(s):mysql CVE #(s):CVE-2009-2446
Created:July 27, 2009 Updated:March 8, 2010
Description:

From the Mandriva advisory:

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information (CVE-2009-2446).

Alerts:
rPath rPSA-2010-0014-1 2010-03-07
Ubuntu USN-897-1 2010-02-10
Mandriva MDVSA-2009:326 2009-12-07
CentOS CESA-2010:0110 2010-02-17
Red Hat RHSA-2010:0110-01 2010-02-16
Red Hat RHSA-2009:1461-01 2009-09-23
CentOS CESA-2009:1289 2009-09-15
Debian DSA-1877-1 2009-09-02
Red Hat RHSA-2009:1289-02 2009-09-02
SuSE SUSE-SR:2009:014 2009-09-01
Mandriva MDVSA-2009:179 2009-07-29
Mandriva MDVSA-2009:159 2009-07-27
Gentoo 201201-02 2012-01-05
Ubuntu USN-1397-1 2012-03-12
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds