Информационная безопасность

CVE-2009-2446
back  новости / статьи / форум / программы / реклама / поиск / эксплоиты  forward
[RU] switch to
English Version



CVECVE-2009-2446
СтатусCandidate
ОписаниеMultiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.  NOTE: some of these details are obtained from third party information.
ВажностьHigh
CVSS score8,5
CVSS vector(AV:N/AC:M/Au:S/C:C/I:C/A:C)
PhaseAssigned (21.08.2010)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2446
ReferencesBID : 35609
 BUGTRAQ : 20090708 MySQL <= 5.0.45 post auth format string vulnerability
 FULLDISC : 20090708 MySQL <= 5.0.45 post auth format string vulnerability
 OSVDB : 55734
 SECTRACK : 1022533
 SECUNIA : 35767
 VUPEN : ADV-2009-1857
 XF : mysql-dispatchcommand-format-string(51614)
SecurityVulns:Ошибки форматной строки в MySQL
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород

 
 


Rating@Mail.ru
test server