mysql: denial of service and "unspecified other impact"

Package(s): mysql
CVE #(s): CVE-2009-2446
Created: July 27, 2009
Updated: March 8, 2010
Description:

From the Mandriva advisory:

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information (CVE-2009-2446).

Alerts:
rPath rPSA-2010-0014-1 2010-03-07
Ubuntu USN-897-1 2010-02-10
Mandriva MDVSA-2009:326 2009-12-07
CentOS CESA-2010:0110 2010-02-17
Red Hat RHSA-2010:0110-01 2010-02-16
Red Hat RHSA-2009:1461-01 2009-09-23
CentOS CESA-2009:1289 2009-09-15
Debian DSA-1877-1 2009-09-02
Red Hat RHSA-2009:1289-02 2009-09-02
SuSE SUSE-SR:2009:014 2009-09-01
Mandriva MDVSA-2009:179 2009-07-29
Mandriva MDVSA-2009:159 2009-07-27
Gentoo 201201-02 2012-01-05
Ubuntu USN-1397-1 2012-03-12

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds