ID CVE-2006-3081
Summary mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
References
Vulnerable Configurations
  • MySQL MySQL 4.0.18
    cpe:2.3:a:mysql:mysql:4.0.18
  • MySQL MySQL 4.1.4
    cpe:2.3:a:mysql:mysql:4.1.4
  • MySQL MySQL 4.1.5
    cpe:2.3:a:mysql:mysql:4.1.5
  • MySQL MySQL 4.1.7
    cpe:2.3:a:mysql:mysql:4.1.7
  • MySQL MySQL 4.1.13
    cpe:2.3:a:mysql:mysql:4.1.13
  • MySQL MySQL 4.1.15
    cpe:2.3:a:mysql:mysql:4.1.15
  • MySQL MySQL 4.1.16
    cpe:2.3:a:mysql:mysql:4.1.16
  • MySQL MySQL 5.0.0
    cpe:2.3:a:mysql:mysql:5.0.0
  • MySQL MySQL 5.0.1
    cpe:2.3:a:mysql:mysql:5.0.1
  • MySQL MySQL 5.0.2
    cpe:2.3:a:mysql:mysql:5.0.2
  • MySQL MySQL 5.0.3
    cpe:2.3:a:mysql:mysql:5.0.3
  • MySQL MySQL 5.0.4
    cpe:2.3:a:mysql:mysql:5.0.4
  • MySQL MySQL 5.0.18
    cpe:2.3:a:mysql:mysql:5.0.18
  • MySQL 5.1.5
    cpe:2.3:a:mysql:mysql:5.1.5
CVSS
Base: 4.0 (as of 19-06-2006 - 14:11)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication SINGLE_INSTANCE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
exploit-db via4
description MySQL Server 4/5 Str_To_Date Remote Denial Of Service Vulnerability. CVE-2006-3081. Dos exploit for linux platform
id EDB-ID:28026
last seen 2016-02-03
modified 2006-06-14
published 2006-06-14
reporter Kanatoko
source https://www.exploit-db.com/download/28026/
title MySQL Server 4/5 Str_To_Date Remote Denial of Service Vulnerability
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_4_9.NASL
    description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 24811
    published 2007-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24811
    title Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-111.NASL
    description Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21755
    published 2006-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21755
    title Mandrake Linux Security Advisory : MySQL (MDKSA-2006:111)
  • NASL family Databases
    NASL id MYSQL_5_1_6.NASL
    description The version of MySQL installed on the remote host is earlier than 4.1.18 / 5.0.19 / 5.1.6 and thus reportedly allows a remote, authenticated user to crash the server via the str_to_date function.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17810
    published 2012-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17810
    title MySQL < 4.1.18 / 5.0.19 / 5.1.6 Denial of Service
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1112.NASL
    description Several local vulnerabilities have been discovered in the MySQL database server, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3081 'Kanatoko' discovered that the server can be crashed with feeding NULL values to the str_to_date() function. - CVE-2006-3469 Jean-David Maillefer discovered that the server can be crashed with specially crafted date_format() function calls.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22654
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22654
    title Debian DSA-1112-1 : mysql-dfsg-4.1 - several vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-306-1.NASL
    description MySQL did not correctly handle NULL as the second argument to the str_to_date() function. An authenticated user could exploit this to crash the server. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 27881
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27881
    title Ubuntu 5.10 : mysql-dfsg-4.1 vulnerability (USN-306-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0544.NASL
    description Updated mysql packages that fix multiple security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands. (CVE-2006-2753) An information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516) An information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517) A log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903) This update also fixes numerous non-security-related flaws, such as intermittent authentication failures. All users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22000
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22000
    title CentOS 4 : mysql (CESA-2006:0544)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0544.NASL
    description Updated mysql packages that fix multiple security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands. (CVE-2006-2753) An information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516) An information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517) A log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903) This update also fixes numerous non-security-related flaws, such as intermittent authentication failures. All users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 21683
    published 2006-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21683
    title RHEL 4 : mysql (RHSA-2006:0544)
oval via4
accepted 2013-04-29T04:19:56.665-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
family unix
id oval:org.mitre.oval:def:9516
status accepted
submitted 2010-07-09T03:56:16-04:00
title mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
version 23
redhat via4
advisories
rhsa
id RHSA-2007:0083
refmap via4
apple APPLE-SA-2007-03-13
bid 18439
bugtraq
  • 20060614 MySQL DoS
  • 20060615 Re: MySQL DoS
cert
  • TA06-208A
  • TA07-072A
confirm
debian DSA-1112
fulldisc 20060615 MySQL DoS
mandriva MDKSA-2006:111
secunia
  • 19929
  • 20832
  • 20871
  • 24479
ubuntu USN-306-1
vupen ADV-2007-0930
xf mysql-select-dos(27212)
Last major update 07-03-2011 - 21:37
Published 19-06-2006 - 14:02
Last modified 18-10-2018 - 12:45