[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-3469

Date: (C)2006-07-21   (M)2017-10-12
 
CVSS Score: 4.0Access Vector: NETWORK
Exploitability Subscore: 8.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: SINGLE_INSTANCE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

Reference:
BID-19032
SECUNIA-21147
SECUNIA-21366
SECUNIA-24479
SECUNIA-31226
ADV-2007-0930
APPLE-SA-2007-03-13
DSA-1112
GLSA-200608-09
RHSA-2008:0768
TA07-072A
USN-321-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694
http://bugs.mysql.com/bug.php?id=20729
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
http://docs.info.apple.com/article.html?artnum=305214

CPE    36
cpe:/a:mysql:mysql:4.1.8a
cpe:/a:mysql:mysql:4.1.18
cpe:/a:mysql:mysql:4.1.19
cpe:/a:mysql:mysql:4.1.16
...
CWE    1
CWE-134

© 2013 SecPod Technologies