CVE-2009-2446

NameCVE-2009-2446
DescriptionMultiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1877-1
NVD severityhigh (attack range: remote)
Debian Bugs536726

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mysql-dfsg-5.0source(unstable)(unfixed)low536726
mysql-dfsg-5.0sourceetch5.0.32-7etch11highDSA-1877-1
mysql-dfsg-5.0sourcelenny5.0.51a-24+lenny2highDSA-1877-1
mysql-dfsg-5.0sourcesqueeze5.0.51a-24+lenny2high

Search for package or bug name: Reporting problems