FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-3469

This CVE name corresponds to:

Entered     Topic
2006-08-13  mysql -- format string vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2006-3469
Phase  Assigned (20060710)

Description

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

References

Source   Reference
MISC     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694
MISC     http://bugs.mysql.com/bug.php?id=20729
CONFIRM  http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
CONFIRM  http://docs.info.apple.com/article.html?artnum=305214
APPLE    APPLE-SA-2007-03-13
DEBIAN   DSA-1112
GENTOO   GLSA-200608-09
REDHAT   RHSA-2008:0768
UBUNTU   USN-321-1
CERT     TA07-072A
BID      19032
OVAL     oval:org.mitre.oval:def:9827
VUPEN    ADV-2007-0930
SECUNIA  21147
SECUNIA  21366
SECUNIA  24479
SECUNIA  31226