Computer Security
[EN] securityvulns.ru no-pyccku


MySQL format string vulnerabilities
Published:27.07.2009
Source:
SecurityVulns ID:10099
Type:local
Threat Level:
5/10
Description:COM_CREATE_DB, COM_DROP_DB format string vulnerabilities
Affected:ORACLE : MySQL 5.0
CVE:CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod