Denial of Service : MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800842

Categoría: Denial of Service

Título: MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities

Resumen: MySQL is prone to Multiple Format String vulnerabilities.

Descripción: Summary:
MySQL is prone to Multiple Format String vulnerabilities.

Vulnerability Insight:
The flaws are due to error in the 'dispatch_command' function in sql_parse.cc
in libmysqld/ which can caused via format string specifiers in a database name
in a 'COM_CREATE_DB' or 'COM_DROP_DB' request.

Vulnerability Impact:
Successful exploitation could allow remote authenticated users to cause a Denial
of Service and possibly have unspecified other attacks.

Affected Software/OS:
MySQL version 4.0.0 to 5.0.83 on all running platform.

Solution:
Upgrade to MySQL version 5.1.36 or later.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2446
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 35609
http://www.securityfocus.com/bid/35609
Bugtraq: 20090708 MySQL <= 5.0.45 post auth format string vulnerability (Google Search)
http://www.securityfocus.com/archive/1/504799/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:179
http://www.osvdb.org/55734
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://securitytracker.com/id?1022533
http://secunia.com/advisories/35767
http://secunia.com/advisories/36566
http://secunia.com/advisories/38517
http://www.ubuntu.com/usn/USN-1397-1
http://ubuntu.com/usn/usn-897-1
http://www.vupen.com/english/advisories/2009/1857
XForce ISS Database: mysql-dispatchcommand-format-string(51614)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51614

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800842
Categoría:	Denial of Service
Título:	MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
Resumen:	MySQL is prone to Multiple Format String vulnerabilities.
Descripción:	Summary: MySQL is prone to Multiple Format String vulnerabilities. Vulnerability Insight: The flaws are due to error in the 'dispatch_command' function in sql_parse.cc in libmysqld/ which can caused via format string specifiers in a database name in a 'COM_CREATE_DB' or 'COM_DROP_DB' request. Vulnerability Impact: Successful exploitation could allow remote authenticated users to cause a Denial of Service and possibly have unspecified other attacks. Affected Software/OS: MySQL version 4.0.0 to 5.0.83 on all running platform. Solution: Upgrade to MySQL version 5.1.36 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2446 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 35609 http://www.securityfocus.com/bid/35609 Bugtraq: 20090708 MySQL <= 5.0.45 post auth format string vulnerability (Google Search) http://www.securityfocus.com/archive/1/504799/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:179 http://www.osvdb.org/55734 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857 http://www.redhat.com/support/errata/RHSA-2009-1289.html http://www.redhat.com/support/errata/RHSA-2010-0110.html http://securitytracker.com/id?1022533 http://secunia.com/advisories/35767 http://secunia.com/advisories/36566 http://secunia.com/advisories/38517 http://www.ubuntu.com/usn/USN-1397-1 http://ubuntu.com/usn/usn-897-1 http://www.vupen.com/english/advisories/2009/1857 XForce ISS Database: mysql-dispatchcommand-format-string(51614) https://exchange.xforce.ibmcloud.com/vulnerabilities/51614
Copyright	Copyright (C) 2009 Greenbone AG