Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200608-09
HistoryAug 06, 2006 - 12:00 a.m.

MySQL: Denial of service

2006-08-0600:00:00
Gentoo Foundation
security.gentoo.org
19

0.932 High

EPSS

Percentile

99.0%

JSON

Background

MySQL is a popular multi-threaded, multi-user SQL server.

Description

Jean-David Maillefer discovered a format string vulnerability in time.cc where MySQL fails to properly handle specially formatted user input to the date_format function.

Impact

By specifying a format string as the first parameter to the date_format function, an authenticated attacker could cause MySQL to crash, resulting in a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All MySQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --verbose --oneshot ">=dev-db/mysql-4.1.21"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/mysql< 4.1.21UNKNOWN

Related

veracode 1
openvas 11
ubuntucve 1
cve 1
nessus 9
checkpoint_advisories 1
cvelist 1
slackware 1
freebsd 1
ubuntu 1
osv 1
debian 1
redhat 1
oraclelinux 1
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:25:16
openvas
openvas
Gentoo Security Advisory GLSA 200608-09 (mysql)
2008-09-24 00:00:00
Slackware: Security Advisory (SSA:2006-211-01)
2012-09-10 00:00:00
Ubuntu: Security Advisory (USN-321-1)
2022-08-26 00:00:00
ubuntucve
ubuntucve
CVE-2006-3469
2006-07-21 00:00:00
cve
cve
CVE-2006-3469
2006-07-21 14:03:00
nessus
nessus
GLSA-200608-09 : MySQL: Denial of Service
2006-08-07 00:00:00
Slackware 10.2 : mysql (SSA:2006-211-01)
2007-02-18 00:00:00
MySQL < 4.1.21 / 5.0 Denial of Service
2012-01-16 00:00:00
checkpoint_advisories
checkpoint_advisories
MySQL Server DATE_FORMAT Function Format String (CVE-2006-3469)
2009-11-10 00:00:00
cvelist
cvelist
CVE-2006-3469
2006-07-18 23:00:00
slackware
slackware
[slackware-security] mysql
2006-07-31 03:23:42
freebsd
freebsd
mysql -- format string vulnerability
2006-06-27 00:00:00
ubuntu
ubuntu
mysql-dfsg-4.1 vulnerability
2006-07-21 00:00:00
osv
osv
mysql-dfsg-4.1 - several vulnerabilities
2006-07-18 00:00:00
debian
debian
[SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service
2006-07-17 00:00:00
redhat
redhat
(RHSA-2008:0768) Moderate: mysql security, bug fix, and enhancement update
2008-07-24 00:00:00
oraclelinux
oraclelinux
mysql security, bug fix, and enhancement update
2008-08-01 00:00:00

0.932 High

EPSS

Percentile

99.0%

JSON
Related for GLSA-200608-09
veracode1openvas11ubuntucve1cve1nessus9checkpoint_advisories1cvelist1slackware1freebsd1ubuntu1osv1debian1redhat1oraclelinux1