FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- format string vulnerability

Affected packages
5.1 <= mysql-server < 5.1.6
5.0 <= mysql-server < 5.0.19
4.1 <= mysql-server < 4.1.18

Details

VuXML ID fcb90eb0-2ace-11db-a6e2-000e0c2e438a
Discovery 2006-06-27
Entry 2006-08-13

Jean-David Maillefer reports a Denial of Service vulnerability within MySQL. The vulnerability is caused by improper checking of the data_format routine, which cause the MySQL server to crash. The crash is triggered by the following code:
"SELECT date_format('%d%s', 1);

References

Bugtraq ID 19032
CVE Name CVE-2006-3469
URL http://bugs.mysql.com/bug.php?id=20729