ID CVE-2009-2446
Summary Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:4.1.23:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:4.1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.21:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:4.1.22:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:4.1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.51a:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.51a:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 17-12-2019 - 20:26)
Impact:
Exploitability:
CWE CWE-134
CAPEC
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
  • Format String Injection
    An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:15:59.603-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
family unix
id oval:org.mitre.oval:def:11857
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
version 30
redhat via4
advisories
  • bugzilla
    id 511020
    title CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances (crash)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment mysql is earlier than 0:5.0.77-3.el5
            oval oval:com.redhat.rhsa:tst:20091289001
          • comment mysql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070875011
        • AND
          • comment mysql-bench is earlier than 0:5.0.77-3.el5
            oval oval:com.redhat.rhsa:tst:20091289003
          • comment mysql-bench is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070875013
        • AND
          • comment mysql-devel is earlier than 0:5.0.77-3.el5
            oval oval:com.redhat.rhsa:tst:20091289005
          • comment mysql-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070875015
        • AND
          • comment mysql-server is earlier than 0:5.0.77-3.el5
            oval oval:com.redhat.rhsa:tst:20091289007
          • comment mysql-server is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070875017
        • AND
          • comment mysql-test is earlier than 0:5.0.77-3.el5
            oval oval:com.redhat.rhsa:tst:20091289009
          • comment mysql-test is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070875019
    rhsa
    id RHSA-2009:1289
    released 2009-09-02
    severity Moderate
    title RHSA-2009:1289: mysql security and bug fix update (Moderate)
  • rhsa
    id RHSA-2010:0110
rpms
  • mysql-0:5.0.77-3.el5
  • mysql-bench-0:5.0.77-3.el5
  • mysql-debuginfo-0:5.0.77-3.el5
  • mysql-devel-0:5.0.77-3.el5
  • mysql-server-0:5.0.77-3.el5
  • mysql-test-0:5.0.77-3.el5
  • httpd-0:2.2.13-2.el5s2
  • httpd-debuginfo-0:2.2.13-2.el5s2
  • httpd-devel-0:2.2.13-2.el5s2
  • httpd-manual-0:2.2.13-2.el5s2
  • mod_ssl-1:2.2.13-2.el5s2
  • mysql-0:5.0.84-2.el5s2
  • mysql-bench-0:5.0.84-2.el5s2
  • mysql-cluster-0:5.0.84-2.el5s2
  • mysql-debuginfo-0:5.0.84-2.el5s2
  • mysql-devel-0:5.0.84-2.el5s2
  • mysql-libs-0:5.0.84-2.el5s2
  • mysql-server-0:5.0.84-2.el5s2
  • mysql-test-0:5.0.84-2.el5s2
  • perl-DBD-MySQL-0:4.012-1.el5s2
  • perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2
  • perl-DBI-0:1.609-1.el5s2
  • perl-DBI-debuginfo-0:1.609-1.el5s2
  • php-0:5.2.10-1.el5s2
  • php-bcmath-0:5.2.10-1.el5s2
  • php-cli-0:5.2.10-1.el5s2
  • php-common-0:5.2.10-1.el5s2
  • php-dba-0:5.2.10-1.el5s2
  • php-debuginfo-0:5.2.10-1.el5s2
  • php-devel-0:5.2.10-1.el5s2
  • php-gd-0:5.2.10-1.el5s2
  • php-imap-0:5.2.10-1.el5s2
  • php-ldap-0:5.2.10-1.el5s2
  • php-mbstring-0:5.2.10-1.el5s2
  • php-mysql-0:5.2.10-1.el5s2
  • php-ncurses-0:5.2.10-1.el5s2
  • php-odbc-0:5.2.10-1.el5s2
  • php-pdo-0:5.2.10-1.el5s2
  • php-pear-1:1.8.1-2.el5s2
  • php-pgsql-0:5.2.10-1.el5s2
  • php-snmp-0:5.2.10-1.el5s2
  • php-soap-0:5.2.10-1.el5s2
  • php-xml-0:5.2.10-1.el5s2
  • php-xmlrpc-0:5.2.10-1.el5s2
  • postgresql-0:8.2.14-1.el5s2
  • postgresql-contrib-0:8.2.14-1.el5s2
  • postgresql-debuginfo-0:8.2.14-1.el5s2
  • postgresql-devel-0:8.2.14-1.el5s2
  • postgresql-docs-0:8.2.14-1.el5s2
  • postgresql-jdbc-0:8.2.510-1jpp.el5s2
  • postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2
  • postgresql-libs-0:8.2.14-1.el5s2
  • postgresql-plperl-0:8.2.14-1.el5s2
  • postgresql-plpython-0:8.2.14-1.el5s2
  • postgresql-pltcl-0:8.2.14-1.el5s2
  • postgresql-python-0:8.2.14-1.el5s2
  • postgresql-server-0:8.2.14-1.el5s2
  • postgresql-tcl-0:8.2.14-1.el5s2
  • postgresql-test-0:8.2.14-1.el5s2
  • mysql-0:4.1.22-2.el4_8.3
  • mysql-bench-0:4.1.22-2.el4_8.3
  • mysql-debuginfo-0:4.1.22-2.el4_8.3
  • mysql-devel-0:4.1.22-2.el4_8.3
  • mysql-server-0:4.1.22-2.el4_8.3
refmap via4
apple APPLE-SA-2010-03-29-1
bid 35609
bugtraq 20090708 MySQL <= 5.0.45 post auth format string vulnerability
confirm http://support.apple.com/kb/HT4077
fulldisc 20090708 MySQL <= 5.0.45 post auth format string vulnerability
mandriva MDVSA-2009:179
osvdb 55734
sectrack 1022533
secunia
  • 35767
  • 36566
  • 38517
ubuntu
  • USN-1397-1
  • USN-897-1
vupen ADV-2009-1857
xf mysql-dispatchcommand-format-string(51614)
statements via4
contributor Mark J Cox
lastmodified 2010-02-17
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2446 This issue was addressed for Red hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1289.html and Red Hat Enterprise Linux 4 by https://rhn.redhat.com/errata/RHSA-2010-0110.html . The Red Hat Security Response Team has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3 and Red Hat Application Stack 2.
Last major update 17-12-2019 - 20:26
Published 13-07-2009 - 17:30
Last modified 17-12-2019 - 20:26
Back to Top