DSA-1877-1 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code
ID: oval:org.secpod.oval:def:600316 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. For the stable distribution, this problem has been fixed in version 5.0.51a-24+lenny2. For the old stable distribution, this problem has been fixed in version 5.0.32-7etch11. We recommend that you upgrade your mysql packages.
Platform: |
Debian 5.0 |
Debian 4.0 |