CVE-2006-3469

MySQL Server <4.1.21, 5.0 - DoS

Title source: llm

Description

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Christian Hammers · textdoslinux

https://www.exploit-db.com/exploits/28234

View Code ZIP pw:eip

References (17)

Core 17

Core References

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA07-072A.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0768.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200608-09.xml

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19032

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31226

Vendor Advisory x_refsource_confirm

http://docs.info.apple.com/article.html?artnum=305214

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-321-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21147

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21366

Various Sources x_refsource_misc

http://bugs.mysql.com/bug.php?id=20729

Issue Tracking x_refsource_misc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827

Various Sources x_refsource_confirm

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html

Patch, Vendor Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2006/dsa-1112

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/0930

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24479

Scores

EPSS 0.3892

EPSS Percentile 97.3%

Details

CWE

CWE-134

Status published

Products (25)

mysql/mysql 4.1.8

mysql/mysql 4.1.12

mysql/mysql 4.1.13

mysql/mysql 4.1.14

mysql/mysql 4.1.15

mysql/mysql 5.0.5.0.21

mysql/mysql 5.0.10

mysql/mysql 5.0.15

mysql/mysql 5.0.16

mysql/mysql 5.0.17

... and 15 more

Published Jul 21, 2006

Tracked Since Feb 18, 2026