CVE-2006-3469 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3469
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3469

Description: Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-321-1 SAID Secunia Advisory: SA21147 Secunia Advisory: SA21366 Secunia Advisory: SA24479 Secunia Advisory: SA31226 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0768.html MISC http://bugs.mysql.com/bug.php?id=20729 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 GENTOO http://security.gentoo.org/glsa/glsa-200608-09.xml DEBIAN http://www.debian.org/security/2006/dsa-1112 CONFIRM http://docs.info.apple.com/article.html?artnum=305214 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html CERT http://www.us-cert.gov/cas/techalerts/TA07-072A.html BID 19032 APPLE http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Return to the previous page.