exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2009-2446

Status Candidate

Overview

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

Related Files

Ubuntu Security Notice USN-1397-1
Posted Mar 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1397-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-5925, CVE-2008-3963, CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030, CVE-2009-4484, CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850, CVE-2010-2008, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838
SHA-256 | dda21a42a15ae22869f978d3746bb4b1626d8469bab9ce1b18636fb138cf0739
Gentoo Linux Security Advisory 201201-02
Posted Jan 6, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-2 - Multiple vulnerabilities were found in MySQL, some of which may allow execution of arbitrary code. Versions less than 5.1.56 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-3963, CVE-2008-4097, CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4028, CVE-2009-4484, CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850, CVE-2010-2008, CVE-2010-3676, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837
SHA-256 | 117eb25ee6c51f621745264b1ef7083b0a2c6153fdaa4646571449649e0c610d
Ubuntu Security Notice 897-1
Posted Feb 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 897-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. It was discovered that MySQL could be made to overwrite existing table files in the data directory. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL contained a buffer overflow when parsing ssl certificates.

tags | advisory, overflow, xss
systems | linux, ubuntu
advisories | CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030, CVE-2009-4484
SHA-256 | f0edf6f7535b1520aeb975de468f02533ed513b5b5870eefc4dccd6cc1160507
Mandriva Linux Security Advisory 2009-326
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-326 - Multiple vulnerabilities has been found and corrected in mysql. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3963, CVE-2008-4098, CVE-2008-4456, CVE-2009-2446
SHA-256 | 9206e9b5ad62079eab88cd261aeacc324cd78e7b929cb7e7acc5a4a3cfdb79cb
Debian Linux Security Advisory 1877-1
Posted Sep 3, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1877-1 - In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2009-2446
SHA-256 | c6595e9f744ae0389206fcafbac3f076fad7a798140df27ea637268e1d32af18
Mandriva Linux Security Advisory 2009-179
Posted Jul 30, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-179 - Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. This update provides fixes for this vulnerability.

tags | advisory, remote, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2446
SHA-256 | b6f23056ca397f0cabf1b9e791a0d3dc4c26f03d88d9917816139a0e3686da9b
Mandriva Linux Security Advisory 2009-159
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-159 - Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. This update provides fixes for this vulnerability.

tags | advisory, remote, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2446
SHA-256 | 4cfbb77d5d4a06892bbc033b3f46ff6cc6e002285db70184ab9ec0d512d3ddff
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close