Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-3469

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

Published

2006-07-21T14:03:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-134

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mysql	mysql	4.1.8	Yes
Application	mysql	mysql	4.1.12	Yes
Application	mysql	mysql	4.1.13	Yes
Application	mysql	mysql	4.1.14	Yes
Application	mysql	mysql	4.1.15	Yes
Application	mysql	mysql	5.0.5.0.21	Yes
Application	mysql	mysql	5.0.10	Yes
Application	mysql	mysql	5.0.15	Yes
Application	mysql	mysql	5.0.16	Yes
Application	mysql	mysql	5.0.17	Yes
Application	oracle	mysql	4.1.6	Yes
Application	oracle	mysql	4.1.7	Yes
Application	oracle	mysql	4.1.9	Yes
Application	oracle	mysql	4.1.11	Yes
Application	oracle	mysql	4.1.16	Yes
Application	oracle	mysql	4.1.18	Yes
Application	oracle	mysql	4.1.19	Yes
Application	oracle	mysql	4.1.20	Yes
Application	oracle	mysql	5.0.6	Yes
Application	oracle	mysql	5.0.9	Yes
Application	oracle	mysql	5.0.11	Yes
Application	oracle	mysql	5.0.12	Yes
Application	oracle	mysql	5.0.13	Yes
Application	oracle	mysql	5.0.18	Yes
Application	oracle	mysql	5.0.19	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 ([email protected])
http://bugs.mysql.com/bug.php?id=20729 ([email protected])
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html ([email protected])
http://docs.info.apple.com/article.html?artnum=305214 ([email protected])
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html ([email protected])
http://secunia.com/advisories/21147 Vendor Advisory ([email protected])
http://secunia.com/advisories/21366 Vendor Advisory ([email protected])
http://secunia.com/advisories/24479 Vendor Advisory ([email protected])
http://secunia.com/advisories/31226 Vendor Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200608-09.xml ([email protected])
http://www.debian.org/security/2006/dsa-1112 Patch, Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0768.html ([email protected])
http://www.securityfocus.com/bid/19032 ([email protected])
http://www.ubuntu.com/usn/usn-321-1 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA07-072A.html US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2007/0930 Vendor Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827 ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.mysql.com/bug.php?id=20729 (af854a3a-2127-422b-91ae-364da2661108)
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html (af854a3a-2127-422b-91ae-364da2661108)
http://docs.info.apple.com/article.html?artnum=305214 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21147 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21366 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24479 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31226 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200608-09.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1112 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0768.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/19032 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-321-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA07-072A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0930 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827 (af854a3a-2127-422b-91ae-364da2661108)