|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200608-09] MySQL: Denial of Service Vulnerability Scan
Vulnerability Scan Summary MySQL: Denial of Service
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200608-09
(MySQL: Denial of Service)
Jean-David Maillefer discovered a format string vulnerability in
time.cc where MySQL fails to properly handle specially formatted user
input to the date_format function.
Impact
By specifying a format string as the first parameter to the date_format
function, an authenticated attacker could cause MySQL to crash,
resulting in a Denial of Service.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
Solution:
All MySQL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --verbose --oneshot ">=dev-db/mysql-4.1.21"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|