Family: Debian Local Security Checks --> Category: infos
[DSA1112] DSA-1112-1 mysql-dfsg-4.1 Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Several local vulnerabilities have been discovered in the MySQL database
server, which may lead to denial of service. The Common
Vulnerabilities and Exposures project identifies the following problems:
"Kanatoko" discovered that the server can be crashed by feeding
NULL values to the str_to_date() function.
Jean-David Maillefer discovered that the server can be crashed by
specially crafted date_format() function calls.
For the stable distribution (sarge) these problems have been fixed in
The unstable distribution (sid) no longer contains MySQL 4.1
packages. MySQL 5.0 from sid is not affected.
We recommend that you upgrade your mysql-dfsg-4.1 packages.
Solution : http://www.debian.org/security/2006/dsa-1112
Threat Level: High