Summary
The host is running MySQL and is prone to multiple format string vulnerabilities.
Impact
Successful exploitation could allow remote authenticated users to cause a denial of service and possibly carry out other unspecified attacks.
Impact Level: Application
Solution
Upgrade to MySQL version 5.1.36 or later
http://dev.mysql.com/downloads
Insight
The flaws are due to an error in the 'dispatch_command' function in sql_parse.cc in libmysqld/, which can be triggered via format string specifiers in a database name in a 'COM_CREATE_DB' or 'COM_DROP_DB' request.
Affected
MySQL versions 4.0.0 to 5.0.83 on all platforms.
Severity
Classification
CVE: CVE-2009-2446
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C