| Check Point Reference: |
CPAI-2009-205 |
| Date Published: |
17 Jul 2009 |
| Severity: |
High
|
| Last Updated: |
Thursday 01 January, 2009 |
| Source: |
Secunia: SA35767 |
| Industry Reference: | N/A |
| Protection Provided by: |
|
| Who is Vulnerable? | Sun Microsystems MySQL 4.x
Sun Microsystems MySQL 5.0.83 and prior |
| Vulnerability Description |
A format string vulnerability exists in Sun Microsystems MySQL database server, a popular open-source implementation of a relational database. The flaw is due to insufficient input validation when processing database commands. Remote authenticated attackers could exploit this vulnerability by sending malformed data to the MySQL process. Successful exploitation could result in a denial of service condition. |
| Update/Patch Avaliable | The vendor, Sun Microsystems, has released an advisory addressing this vulnerability:
http://lists.mysql.com/commits/77637 |
| Vulnerability Details | The vulnerability is caused due to a format string error within the "dispatch_command()" function in sql_parse.cc. This can be exploited to crash an affected service via specially crafted "COM_CREATE_DB" or "COM_DROP_DB" requests.
|
Feedback