Информационная безопасность
[RU] switch to English


CVECVE-2009-2446
СтатусCandidate
ОписаниеMultiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.  NOTE: some of these details are obtained from third party information.
Важность
High
CVSS score8,5
CVSS vector(AV:N/AC:M/Au:S/C:C/I:C/A:C)
PhaseAssigned (22.01.2013)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2446
ReferencesSECTRACK : 1022533
 FULLDISC : 20090708 MySQL <= 5.0.45 post auth format string vulnerability
 BUGTRAQ : 20090708 MySQL <= 5.0.45 post auth format string vulnerability
 BID : 35609
 SECUNIA : 35767
 OSVDB : 55734
 VUPEN : ADV-2009-1857
 XF : mysql-dispatchcommand-format-string(51614)
SecurityVulns:Ошибки форматной строки в MySQL
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород