CVE-2006-3469
CVSS4.0
发布时间 :2006-07-21 10:03:00
修订时间 :2011-03-07 00:00:00
NMOPS    

[原文]Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.


[CNNVD]CNNVD数据暂缺。


[机译]2006年4月1日前格式化字符串漏洞time.cc之前在MySQL服务器4.1版4.1.21和5.0允许远程认证用户导致拒绝服务(崩溃)的日期格式字符串,而不是使用date_format函数的第一个参数

- CVSS (基础分值)

CVSS分值: 4 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: [--]

- CWE (弱点类目)

CWE-134 []

- CPE (受影响的平台与产品)

cpe:/a:mysql:mysql:5.0.17MySQL MySQL 5.0.17
cpe:/a:mysql:mysql:4.1.14MySQL MySQL 4.1.14
cpe:/a:mysql:mysql:4.1.12MySQL MySQL 4.1.12
cpe:/a:mysql:mysql:5.0.12MySQL MySQL 5.0.12
cpe:/a:mysql:mysql:5.0.17aMySQL MySQL 5.0.17a
cpe:/a:mysql:mysql:5.0.10MySQL MySQL 5.0.10
cpe:/a:mysql:mysql:4.1.20MySQL MySQL 4.1.20
cpe:/a:mysql:mysql:5.0.9MySQL MySQL 5.0.9
cpe:/a:mysql:mysql:4.1.14aMySQL MySQL 4.1.14a
cpe:/a:mysql:mysql:5.0.15MySQL MySQL 5.0.15
cpe:/a:mysql:mysql:5.0.16aMySQL MySQL 5.0.16a
cpe:/a:mysql:mysql:4.1.18MySQL MySQL 4.1.18
cpe:/a:mysql:mysql:4.1.13MySQL MySQL 4.1.13
cpe:/a:mysql:mysql:5.0.6MySQL MySQL 5.0.6
cpe:/a:mysql:mysql:5.0.5.0.21
cpe:/a:mysql:mysql:5.0.19MySQL MySQL 5.0.19
cpe:/a:mysql:mysql:4.1.6MySQL MySQL 4.1.6
cpe:/a:mysql:mysql:4.1.15MySQL MySQL 4.1.15
cpe:/a:mysql:mysql:4.1.13aMySQL MySQL 4.1.13a
cpe:/a:mysql:mysql:4.1.8aMySQL MySQL 4.1.8a
cpe:/a:mysql:mysql:4.1.19MySQL MySQL 4.1.19
cpe:/a:mysql:mysql:4.1.15aMySQL MySQL 4.1.15a
cpe:/a:mysql:mysql:5.0.10aMySQL MySQL 5.0.10a
cpe:/a:mysql:mysql:4.1.12aMySQL MySQL 4.1.12a
cpe:/a:mysql:mysql:4.1.16MySQL MySQL 4.1.16
cpe:/a:mysql:mysql:5.0.3aMySQL MySQL 5.0.3a
cpe:/a:mysql:mysql:5.0.15aMySQL MySQL 5.0.15a
cpe:/a:mysql:mysql:5.0.13MySQL MySQL 5.0.13
cpe:/a:mysql:mysql:4.1.9MySQL MySQL 4.1.9
cpe:/a:mysql:mysql:5.0.16MySQL MySQL 5.0.16
cpe:/a:mysql:mysql:5.0.4aMySQL MySQL 5.0.4a
cpe:/a:mysql:mysql:4.1.8MySQL MySQL 4.1.8
cpe:/a:mysql:mysql:4.1.11MySQL MySQL 4.1.11
cpe:/a:mysql:mysql:4.1.7MySQL MySQL 4.1.7
cpe:/a:mysql:mysql:5.0.18MySQL MySQL 5.0.18
cpe:/a:mysql:mysql:5.0.11MySQL MySQL 5.0.11
cpe:/a:mysql:mysql:5.0.1aMySQL MySQL 5.0.1a

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9827Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to ca...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3469
(官方数据源) NVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA07-072A.html
(UNKNOWN)  CERT  TA07-072A
http://www.debian.org/security/2006/dsa-1112
(VENDOR_ADVISORY)  DEBIAN  DSA-1112
http://www.vupen.com/english/advisories/2007/0930
(VENDOR_ADVISORY)  VUPEN  ADV-2007-0930
http://www.ubuntu.com/usn/usn-321-1
(UNKNOWN)  UBUNTU  USN-321-1
http://www.securityfocus.com/bid/19032
(UNKNOWN)  BID  19032
http://www.redhat.com/support/errata/RHSA-2008-0768.html
(UNKNOWN)  REDHAT  RHSA-2008:0768
http://security.gentoo.org/glsa/glsa-200608-09.xml
(UNKNOWN)  GENTOO  GLSA-200608-09
http://secunia.com/advisories/31226
(VENDOR_ADVISORY)  SECUNIA  31226
http://secunia.com/advisories/24479
(VENDOR_ADVISORY)  SECUNIA  24479
http://secunia.com/advisories/21366
(VENDOR_ADVISORY)  SECUNIA  21366
http://secunia.com/advisories/21147
(VENDOR_ADVISORY)  SECUNIA  21147
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
(UNKNOWN)  APPLE  APPLE-SA-2007-03-13
http://docs.info.apple.com/article.html?artnum=305214
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=305214
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
(UNKNOWN)  CONFIRM  http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
http://bugs.mysql.com/bug.php?id=20729
(UNKNOWN)  MISC  http://bugs.mysql.com/bug.php?id=20729
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694
(UNKNOWN)  MISC  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694

- 漏洞信息 (F48463)

Ubuntu Security Notice 321-1 (PacketStormID:F48463)
2006-07-24 00:00:00
Ubuntu  security.ubuntu.com
advisory
linux,ubuntu
CVE-2006-3469
[点击下载]

Ubuntu Security Notice 321-1 - Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.

=========================================================== 
Ubuntu Security Notice USN-321-1              July 21, 2006
mysql-dfsg-4.1 vulnerability
CVE-2006-3469
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  mysql-server-4.1                         4.1.12-1ubuntu3.7

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.7.diff.gz
      Size/MD5:   165177 e3f4a9d6d9803befbba2532addd92b71
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.7.dsc
      Size/MD5:     1024 33020e3d005bd77d484f34abecf1c177
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz
      Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.7_all.deb
      Size/MD5:    36830 d60762f789e3bd2b4fd3a456d3f73930

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.7_amd64.deb
      Size/MD5:  5831474 bced6d17845dc9588a089d49f02d55b0
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.7_amd64.deb
      Size/MD5:  1540694 af1be52eddc78528ecd022434171906e
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.7_amd64.deb
      Size/MD5:   898462 d45442957f383440bd191f930b443547
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.7_amd64.deb
      Size/MD5: 18433692 e071ef9ab926bfb5140a40c26c3ed78f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.7_i386.deb
      Size/MD5:  5348328 8fd1aadc67f3377de8d9d938fed7c165
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.7_i386.deb
      Size/MD5:  1475476 c5258fbb58cb8cb9723a7ffa4284d0f1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.7_i386.deb
      Size/MD5:   866460 42d1d8b4841a60bd8579e393b18dbe3f
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.7_i386.deb
      Size/MD5: 17336370 e535ca52af75dd467f68e26b6a9d5e27

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.7_powerpc.deb
      Size/MD5:  6069400 36169591c90ee3417371a958cadc7b71
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.7_powerpc.deb
      Size/MD5:  1549166 901ef463598f28da3cfac186a66558da
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.7_powerpc.deb
      Size/MD5:   937712 1e8b6a06c6b3dfba1e99a7781da0a66c
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.7_powerpc.deb
      Size/MD5: 18523422 69e4c4a92cd298cfc3e60a7b907b3529
    

- 漏洞信息 (F48389)

Debian Linux Security Advisory 1112-1 (PacketStormID:F48389)
2006-07-20 00:00:00
Debian  debian.org
advisory,denial of service,local,vulnerability
linux,debian
CVE-2006-3081,CVE-2006-3469
[点击下载]

Debian Security Advisory 1111-1 - Several local vulnerabilities have been discovered in the MySQL database server, which may lead to denial of service.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1112-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 18th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mysql-dfsg-4.1
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2006-3081 CVE-2006-3469
Debian Bug     : 373913 375694

Several local vulnerabilities have been discovered in the MySQL database
server, which may lead to denial of service. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3081

    "Kanatoko" discovered that the server can be crashed with feeding
    NULL values to the str_to_date() function.

CVE-2006-3469

    Jean-David Maillefer discovered that the server can be crashed with
    specially crafted date_format() function calls.

For the stable distribution (sarge) these problems have been fixed in
version 4.1.11a-4sarge5.

For the unstable distribution (sid) does no longer contain MySQL 4.1
packages. MySQL 5.0 from sid is not affected.

We recommend that you upgrade your mysql-dfsg-4.1 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.dsc
      Size/MD5 checksum:     1021 9cd4f7df9345856d06846e0ddb50b9ee
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz
      Size/MD5 checksum:   168442 e45db0b01b3adaf09500d54090f3a1e1
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
      Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3

  Architecture independent components:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge5_all.deb
      Size/MD5 checksum:    36520 e8115191126dc0b373a53024e5c78733

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_alpha.deb
      Size/MD5 checksum:  1590788 297b4444903885a19c76a1217e83477d
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_alpha.deb
      Size/MD5 checksum:  7965184 8df4e20d157517541228fa52e4c60dbc
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_alpha.deb
      Size/MD5 checksum:  1000952 4d62bca949f80c09f043a78b9e701ca5
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_alpha.deb
      Size/MD5 checksum: 17487070 b357fcab1b57764e1ee8a341dd30def3

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_amd64.deb
      Size/MD5 checksum:  1452034 a22b66b8e00b2409bf1428834af1073b
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_amd64.deb
      Size/MD5 checksum:  5551704 731f50735026de2b95d9e9d9e19a7717
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_amd64.deb
      Size/MD5 checksum:   849526 a0a5d944db8261044bcdddbe55ab03d6
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_amd64.deb
      Size/MD5 checksum: 14711282 bf471f8b19fe0aa14bf04209c0eac975

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_arm.deb
      Size/MD5 checksum:  1388864 1ed00eac905063c7caa7702bb6a4dcda
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_arm.deb
      Size/MD5 checksum:  5558854 46fac3302d6e4677bb1dbce5f5aa1387
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_arm.deb
      Size/MD5 checksum:   836766 5487191a4af54786066ac720456b5b68
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_arm.deb
      Size/MD5 checksum: 14557630 1369e1f83fad8dfcbea1618e0acd821e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_i386.deb
      Size/MD5 checksum:  1418036 ab5768abe67a1d21c714a078f2ec86f0
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb
      Size/MD5 checksum:  5643732 bf891e68e488947fd28a940a367d722f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_i386.deb
      Size/MD5 checksum:   830724 f5d4a9e5b289d895ba021190f907829f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_i386.deb
      Size/MD5 checksum: 14558034 b580eeaf7a3806b95a07435acbe48e27

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_ia64.deb
      Size/MD5 checksum:  1713308 0067b2b9c41a412defde52f366e3c897
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_ia64.deb
      Size/MD5 checksum:  7782486 3aabc5d9cf4bd642de338d58bdaf06f5
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_ia64.deb
      Size/MD5 checksum:  1050616 d23aac0cd8ee2af56e54dfb5bac2f330
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_ia64.deb
      Size/MD5 checksum: 18475936 9ddfe01a4b31abfed11b9bde23fac76f

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_hppa.deb
      Size/MD5 checksum:  1551202 77244af3e0edbeaf716764fe9ac81e6f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_hppa.deb
      Size/MD5 checksum:  6250286 fd9cb45d760605ee2a89f70af5cb9af3
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_hppa.deb
      Size/MD5 checksum:   910046 38698cebd4b9f438fd09d9bbb9dcd92c
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_hppa.deb
      Size/MD5 checksum: 15791130 8517866821789c2ac7343f9db6f59d3f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_m68k.deb
      Size/MD5 checksum:  1397964 e5166b54d56236e0bcbd677ae0b0612f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_m68k.deb
      Size/MD5 checksum:  5284080 48f187b76145ed53de71074d1e19bd6a
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_m68k.deb
      Size/MD5 checksum:   803870 699c9078240853a353fbd70504285d51
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_m68k.deb
      Size/MD5 checksum: 14072018 f2837081c2ff82f8510234e174db38b4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mips.deb
      Size/MD5 checksum:  1478938 f6865d5d185ecc5b20dac7d0d7e129da
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mips.deb
      Size/MD5 checksum:  6053046 43b3f77618248df20870c85301465095
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mips.deb
      Size/MD5 checksum:   904490 351bde467510be873c1a2cdc57048523
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mips.deb
      Size/MD5 checksum: 15409966 a0332059581d3de6922e9313d6eef676

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mipsel.deb
      Size/MD5 checksum:  1446348 46a4c7d996016a4adcf56440b05fef21
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mipsel.deb
      Size/MD5 checksum:  5971326 6467ab19215d4e0e45084d3530929683
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mipsel.deb
      Size/MD5 checksum:   890130 52b93510c81b7d296074fc4c36a6d847
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mipsel.deb
      Size/MD5 checksum: 15105474 1ffe09b6dc5b370067bf337109188a25

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_powerpc.deb
      Size/MD5 checksum:  1476860 3b5a3a41dcb3744a289e78e3310d1df1
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_powerpc.deb
      Size/MD5 checksum:  6027448 99a562b660721bc4dacd8997de8aab1f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_powerpc.deb
      Size/MD5 checksum:   907410 9893e547ddfe66215e6bc3da4bf69724
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_powerpc.deb
      Size/MD5 checksum: 15403210 25c8ae97be006ad171df2f3bdedc72a2

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_s390.deb
      Size/MD5 checksum:  1538550 b105d416c3bcd7875984cecac926d076
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_s390.deb
      Size/MD5 checksum:  5461556 00100b922054d9b9c3fc22b3a92b60c7
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_s390.deb
      Size/MD5 checksum:   884294 37fe2778f39871852f9fa53677cffe2c
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_s390.deb
      Size/MD5 checksum: 15055516 c22496ba5559e2fbb1f0a37cd889ee0b

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_sparc.deb
      Size/MD5 checksum:  1460576 f4a2d46769a708b1ef70aa85e2b09277
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_sparc.deb
      Size/MD5 checksum:  6208040 3dc2de911cc6cbcb4f637bfccbce988a
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_sparc.deb
      Size/MD5 checksum:   868258 1671384fa14d81404e3af7ffb555073e
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_sparc.deb
      Size/MD5 checksum: 15392304 6d9b9d762aa6088e416c1b987f853e96


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEvBoaXm3vHE4uyloRAjNHAKDYCyylFbJzy7B6HNonbBeY6hQdzACfZvwM
StoPTSj1GPfq6J9j5qveWTs=
=JCBl
-----END PGP SIGNATURE-----

    

- 漏洞信息

27416
MySQL Server time.cc date_format Function Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-06-27 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

MySQL Server Date_Format Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 19032
Yes No
2006-07-18 12:00:00 2008-07-25 03:48:00
This issue was discovered by Christian Hammers.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Slackware Linux 10.2
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
MySQL AB MySQL 5.1.5
MySQL AB MySQL 5.0.18
MySQL AB MySQL 5.0.4
MySQL AB MySQL 5.0.3
MySQL AB MySQL 5.0.2
MySQL AB MySQL 5.0.1
MySQL AB MySQL 5.0 .0-0
MySQL AB MySQL 4.1.16
MySQL AB MySQL 4.1.15
MySQL AB MySQL 4.1.13
MySQL AB MySQL 4.1.12
MySQL AB MySQL 4.1.11
MySQL AB MySQL 4.1.7
MySQL AB MySQL 4.1.5
MySQL AB MySQL 4.1.4
MySQL AB MySQL 4.0.18
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
MySQL AB MySQL 5.1.6
MySQL AB MySQL 5.0.19
MySQL AB MySQL 4.1.18
Apple Mac OS X Server 10.4.9

- 不受影响的程序版本

MySQL AB MySQL 5.1.6
MySQL AB MySQL 5.0.19
MySQL AB MySQL 4.1.18
Apple Mac OS X Server 10.4.9

- 漏洞讨论

MySQL is prone to a remote denial-of-service vulnerability because the database server fails to properly handle unexpected input.

This issue allows remote attackers to crash affected database servers, denying service to legitimate users. Attackers must be able to execute arbitrary SQL statements on affected servers, which requires valid credentials to connect to affected servers.

Attackers may exploit this issue in conjunction with latent SQL-injection vulnerabilities in other applications.

Versions prior to MySQL 4.1.18, 5.0.19, and 5.1.6 are vulnerable.

- 漏洞利用

Attackers use standard database client software to exploit this issue.

The following SQL statement will demonstrate this issue:

select date_format('%d%s', 1);

- 解决方案

The vendor has released fixed versions of MySQL to address this issue. Versions newer than or equal to 4.1.18, 5.0.19, or 5.1.6 include a fix for this issue.

Please see the referenced vendor advisories for more information.


Slackware Linux 10.2

Apple Mac OS X Server 10.4

Apple Mac OS X Server 10.4.1

Apple Mac OS X Server 10.4.2

Apple Mac OS X Server 10.4.3

Apple Mac OS X Server 10.4.4

Apple Mac OS X Server 10.4.5

Apple Mac OS X Server 10.4.6

Apple Mac OS X Server 10.4.7

Apple Mac OS X Server 10.4.8

MySQL AB MySQL 4.1.12

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站