National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-2446)

National Cyber-Alert System

Vulnerability Summary for CVE-2009-2446

Original release date:07/13/2009

Last revised:08/07/2009

Source: US-CERT/NIST

Overview

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:8.5 (HIGH) (AV:N/AC:M/Au:S/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 6.8

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Medium

Authentication: Required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statments (disclaimer)

Official Statement from Red Hat (07/20/2009): Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-2446#c30 The Red Hat Security Response Team has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3, 4, 5 and Red Hat Application Stack 2.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: mysql-dispatchcommand-format-string(51614)

Type: Patch Information

Hyperlink:http://xforce.iss.net/xforce/xfdb/51614

External Source: OSVDB

Name: 55734

Type: Patch Information

Hyperlink:http://www.osvdb.org/55734

External Source: VUPEN

Name: ADV-2009-1857

Hyperlink:http://www.vupen.com/english/advisories/2009/1857

External Source: BID

Name: 35609

Hyperlink:http://www.securityfocus.com/bid/35609

External Source: BUGTRAQ

Name: 20090708 MySQL <= 5.0.45 post auth format string vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/504799/100/0/threaded

External Source: MANDRIVA

Name: MDVSA-2009:179

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:179

External Source: SECTRACK

Name: 1022533

Hyperlink:http://securitytracker.com/id?1022533

External Source: SECUNIA

Name: 35767

Type: Advisory

Hyperlink:http://secunia.com/advisories/35767

External Source: FULLDISC

Name: 20090708 MySQL <= 5.0.45 post auth format string vulnerability

Hyperlink:http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html

Vulnerable software and versions

Configuration 1

* cpe:/a:mysql:mysql:4.1.8a

* cpe:/a:mysql:mysql:4.1.9

* cpe:/a:mysql:mysql:4.1.7

* cpe:/a:mysql:mysql:4.1.8

* cpe:/a:mysql:mysql:4.1.20

* cpe:/a:mysql:mysql:4.1.2:alpha

* cpe:/a:mysql:mysql:4.1.2

* cpe:/a:mysql:mysql:4.1.19

* cpe:/a:mysql:mysql:4.1.18

* cpe:/a:mysql:mysql:4.1.17

* cpe:/a:mysql:mysql:4.1.16

* cpe:/a:mysql:mysql:4.1.15a

* cpe:/a:mysql:mysql:4.1.6

* cpe:/a:mysql:mysql:4.1.23

* cpe:/a:mysql:mysql:4.1.5

* cpe:/a:mysql:mysql:4.1.4

* cpe:/a:mysql:mysql:4.1.3:beta

* cpe:/a:mysql:mysql:4.1.3

* cpe:/a:mysql:mysql:4.1.22

* cpe:/a:mysql:mysql:4.1.21

* cpe:/a:mysql:mysql:4.1.0.0

* cpe:/a:mysql:mysql:4.1.1

* cpe:/a:mysql:mysql:4.1.10

* cpe:/a:mysql:mysql:4.1.10a

* cpe:/a:mysql:mysql:4.0.9:gamma

* cpe:/a:mysql:mysql:4.1

* cpe:/a:mysql:mysql:4.1.0

* cpe:/a:mysql:mysql:4.1.0:alpha

* cpe:/a:mysql:mysql:4.1.13a

* cpe:/a:mysql:mysql:4.1.14

* cpe:/a:mysql:mysql:4.1.14a

* cpe:/a:mysql:mysql:4.1.15

* cpe:/a:mysql:mysql:4.1.11

* cpe:/a:mysql:mysql:4.1.12

* cpe:/a:mysql:mysql:4.1.12a

* cpe:/a:mysql:mysql:4.1.13

* cpe:/a:mysql:mysql:4.0.27

* cpe:/a:mysql:mysql:4.0.26

* cpe:/a:mysql:mysql:4.0.4

* cpe:/a:mysql:mysql:4.0.3

* cpe:/a:mysql:mysql:4.0.23

* cpe:/a:mysql:mysql:4.0.21

* cpe:/a:mysql:mysql:4.0.25

* cpe:/a:mysql:mysql:4.0.24

* cpe:/a:mysql:mysql:4.0.8

* cpe:/a:mysql:mysql:4.0.7:gamma

* cpe:/a:mysql:mysql:4.0.9

* cpe:/a:mysql:mysql:4.0.8:gamma

* cpe:/a:mysql:mysql:4.0.5a

* cpe:/a:mysql:mysql:4.0.5

* cpe:/a:mysql:mysql:4.0.7

* cpe:/a:mysql:mysql:4.0.6

* cpe:/a:mysql:mysql:4.0.1

* cpe:/a:mysql:mysql:4.0.10

* cpe:/a:mysql:mysql:4.0.0

* cpe:/a:mysql:mysql:4.0.12

* cpe:/a:mysql:mysql:4.0.13

* cpe:/a:mysql:mysql:4.0.11

* cpe:/a:mysql:mysql:4.0.11:gamma

* cpe:/a:mysql:mysql:4.0.16

* cpe:/a:mysql:mysql:4.0.17

* cpe:/a:mysql:mysql:4.0.14

* cpe:/a:mysql:mysql:4.0.15

* cpe:/a:mysql:mysql:4.0.2

* cpe:/a:mysql:mysql:4.0.20

* cpe:/a:mysql:mysql:4.0.18

* cpe:/a:mysql:mysql:4.0.19

* cpe:/a:mysql:mysql:5.0.0:alpha

* cpe:/a:mysql:mysql:5.0.0.0

* cpe:/a:mysql:mysql:5.0

* cpe:/a:mysql:mysql:5.0.0

* cpe:/a:mysql:mysql:5.0.14

* cpe:/a:mysql:mysql:5.0.15

* cpe:/a:mysql:mysql:5.0.12

* cpe:/a:mysql:mysql:5.0.13

* cpe:/a:mysql:mysql:5.0.10a

* cpe:/a:mysql:mysql:5.0.11

* cpe:/a:mysql:mysql:5.0.1

* cpe:/a:mysql:mysql:5.0.10

* cpe:/a:mysql:mysql:5.0.30:sp1

* cpe:/a:mysql:mysql:5.0.50

* cpe:/a:mysql:mysql:5.0.45

* cpe:/a:mysql:mysql:5.0.44

* cpe:/a:mysql:mysql:5.0.30

* cpe:/a:mysql:mysql:5.0.42

* cpe:/a:mysql:mysql:5.0.56

* cpe:/a:mysql:mysql:5.0.54

* cpe:/a:mysql:mysql:5.0.52

* cpe:/a:mysql:mysql:5.0.51

* cpe:/a:mysql:mysql:5.0.23

* cpe:/a:mysql:mysql:5.0.38

* cpe:/a:mysql:mysql:5.0.36

* cpe:/a:mysql:mysql:5.0.32

* cpe:/a:mysql:mysql:5.0.25

* cpe:/a:mysql:mysql:5.0.51b

* cpe:/a:mysql:mysql:5.0.51a

* cpe:/a:mysql:mysql:5.0.5.0.21

* cpe:/a:mysql:mysql:5.0.5

* cpe:/a:mysql:mysql:5.0.6

* cpe:/a:mysql:mysql:5.0.9

* cpe:/a:mysql:mysql:5.0.8

* cpe:/a:mysql:mysql:5.0.3:beta

* cpe:/a:mysql:mysql:5.0.3

* cpe:/a:mysql:mysql:5.0.37

* cpe:/a:mysql:mysql:5.0.26

* cpe:/a:mysql:mysql:5.0.33

* cpe:/a:mysql:mysql:5.0.24a

* cpe:/a:mysql:mysql:5.0.4

* cpe:/a:mysql:mysql:5.0.3a

* cpe:/a:mysql:mysql:5.0.4a

* cpe:/a:mysql:mysql:5.0.41

* cpe:/a:mysql:mysql:5.0.2

* cpe:/a:mysql:mysql:5.0.20

* cpe:/a:mysql:mysql:5.0.20a

* cpe:/a:mysql:mysql:5.0.21

* cpe:/a:mysql:mysql:5.0.22

* cpe:/a:mysql:mysql:5.0.22.1.0.1

* cpe:/a:mysql:mysql:5.0.24

* cpe:/a:mysql:mysql:5.0.27

* cpe:/a:mysql:mysql:5.0.15a

* cpe:/a:mysql:mysql:5.0.16

* cpe:/a:mysql:mysql:5.0.16a

* cpe:/a:mysql:mysql:5.0.17

* cpe:/a:mysql:mysql:5.0.17a

* cpe:/a:mysql:mysql:5.0.18

* cpe:/a:mysql:mysql:5.0.19

* cpe:/a:mysql:mysql:5.0.1a

* cpe:/a:mysql:mysql:5.0.7

* cpe:/a:mysql:mysql:5.0.66

* cpe:/a:mysql:mysql:5.0.60

* cpe:/a:mysql:mysql:5.0.75

* cpe:/a:mysql:mysql:5.0.82

* cpe:/a:mysql:mysql:5.0.83

* cpe:/a:mysql:mysql:5.0.81

* cpe:/a:mysql:mysql:5.0.77

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Format String Vulnerability (CWE-134)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446