Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3469

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2006-3469
Last Modified 07 Mar 2011 12:00:00
Published 21 Jul 2006 10:03:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-3469

Summary

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

Vulnerable Systems

Application

  • Mysql 4.1.11

  • Mysql 4.1.12

  • Mysql 4.1.12a

  • Mysql 4.1.13

  • Mysql 4.1.13a

  • Mysql 4.1.14

  • Mysql 4.1.14a

  • Mysql 4.1.15

  • Mysql 4.1.15a

  • Mysql 4.1.16

  • Mysql 4.1.18

  • Mysql 4.1.19

  • Mysql 4.1.20

  • Mysql 4.1.6

  • Mysql 4.1.7

  • Mysql 4.1.8

  • Mysql 4.1.8a

  • Mysql 4.1.9

  • Mysql 5.0.10

  • Mysql 5.0.10a

  • Mysql 5.0.11

  • Mysql 5.0.12

  • Mysql 5.0.13

  • Mysql 5.0.15

  • Mysql 5.0.15a

  • Mysql 5.0.16

  • Mysql 5.0.16a

  • Mysql 5.0.17

  • Mysql 5.0.17a

  • Mysql 5.0.18

  • Mysql 5.0.19

  • Mysql 5.0.1a

  • Mysql 5.0.3a

  • Mysql 5.0.4a

  • Mysql 5.0.5.0.21

  • Mysql 5.0.6

  • Mysql 5.0.9


References

CERT - TA07-072A

DEBIAN - DSA-1112

VUPEN - ADV-2007-0930

UBUNTU - USN-321-1

BID - 19032

REDHAT - RHSA-2008:0768

GENTOO - GLSA-200608-09

SECUNIA - 31226

SECUNIA - 24479

SECUNIA - 21366

SECUNIA - 21147

APPLE - APPLE-SA-2007-03-13

CONFIRM - http://docs.info.apple.com/article.html?artnum=305214

CONFIRM - http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html

MISC - http://bugs.mysql.com/bug.php?id=20729

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694


Last Updated: 27 May 2016 10:43:01