8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.068 Low
EPSS
Percentile
93.8%
Multiple format string vulnerabilities in the dispatch_command function in
libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote
authenticated users to cause a denial of service (daemon crash) and
possibly have unspecified other impact via format string specifiers in a
database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE:
some of these details are obtained from third party information.
Author | Note |
---|---|
jdstrand | grep -r ‘mysql_log.write(thd,command,packet)’ ./* shows all of 5.0 are likely affected |
mdeslaur | PoC: http://seclists.org/fulldisclosure/2009/Jul/0058.html re-classifying as low as a bunch of non-default conditions need to be met. See redhat bug. Doesn’t affect 5.1 per mysql bug |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | mysql-dfsg-5.0 | < 5.0.22-0ubuntu6.06.12 | UNKNOWN |
ubuntu | 8.04 | noarch | mysql-dfsg-5.0 | < 5.0.51a-3ubuntu5.5 | UNKNOWN |
ubuntu | 8.10 | noarch | mysql-dfsg-5.0 | < 5.0.67-0ubuntu6.1 | UNKNOWN |
ubuntu | 9.04 | noarch | mysql-dfsg-5.0 | < 5.1.30really5.0.75-0ubuntu10.3 | UNKNOWN |