Debian DSA-1112-1 : mysql-dfsg-4.1 - several vulnerabilities

medium Nessus Plugin ID 22654

Synopsis

The remote Debian host is missing a security-related update.

Description

Several local vulnerabilities have been discovered in the MySQL database server, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2006-3081: 'Kanatoko' discovered that the server can be crashed by feeding NULL values to the str_to_date() function.

- CVE-2006-3469: Jean-David Maillefer discovered that the server can be crashed with specially crafted date_format() function calls.

Solution

Upgrade the mysql-dfsg-4.1 packages.

For the stable distribution (sarge) these problems have been fixed in version 4.1.11a-4sarge5.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694

https://security-tracker.debian.org/tracker/CVE-2006-3081

https://security-tracker.debian.org/tracker/CVE-2006-3469

http://www.debian.org/security/2006/dsa-1112

Plugin Details

Severity: Medium

ID: 22654

File Name: debian_DSA-1112.nasl

Version: 1.16

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 7/18/2006

Vulnerability Publication Date: 6/27/2006

Reference Information

CVE: CVE-2006-3081, CVE-2006-3469

DSA: 1112