Vulnerability Name:

CVE-2006-3469 (CCN-27904)

Assigned:2006-06-27
Published:2006-06-27
Updated:2019-12-17
Summary:Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-134
Vulnerability Consequences:Denial of Service
References:Source: MISC
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694

Source: CCN
Type: MySQL Bug #20729
Bad date_format() call makes mysql server crash

Source: MISC
Type: UNKNOWN
http://bugs.mysql.com/bug.php?id=20729

Source: MITRE
Type: CNA
CVE-2006-3469

Source: CCN
Type: MySQL 3.23, 4.0, 4.1 Reference Manual
D.1.2. Changes in release 4.1.21 (Not yet released)

Source: CONFIRM
Type: UNKNOWN
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html

Source: CCN
Type: Mac OS X 10.4.9 and Security Update 2007-003
About the security content of Mac OS X 10.4.9 and Security Update 2007-003

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=305214

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-03-13

Source: CCN
Type: RHSA-2008-0768
Moderate: mysql security, bug fix, and enhancement update

Source: SECUNIA
Type: Vendor Advisory
21147

Source: SECUNIA
Type: Vendor Advisory
21366

Source: CCN
Type: SA24479
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
24479

Source: SECUNIA
Type: Vendor Advisory
31226

Source: GENTOO
Type: UNKNOWN
GLSA-200608-09

Source: CCN
Type: ASA-2008-327
mysql security update (RHSA-2008-0768)

Source: CCN
Type: Apple Mac OS X Web site
Apple - Apple - Mac OS X - Leopard Sneak Peek

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-1112

Source: DEBIAN
Type: DSA-1112
mysql-dfsg-4.1 -- several vulnerabilities

Source: CCN
Type: GLSA-200608-09
MySQL: Denial of Service

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0768

Source: BID
Type: UNKNOWN
19032

Source: CCN
Type: BID-19032
MySQL Server Date_Format Denial Of Service Vulnerability

Source: CCN
Type: USN-321-1
mysql-dfsg-4.1 vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-321-1

Source: CERT
Type: US Government Resource
TA07-072A

Source: VUPEN
Type: Vendor Advisory
ADV-2007-0930

Source: XF
Type: UNKNOWN
mysql-dateformat-format-string(27904)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9827

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:mysql:4.1.8:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.12:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.13:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.14:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.15:-:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.13:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.12:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.15:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:9827
    V
    		Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
    2013-04-29
    oval:com.redhat.rhsa:def:20080768
    P
    		RHSA-2008:0768: mysql security, bug fix, and enhancement update (Moderate)
    2008-07-24
    oval:org.debian:def:1112
    V
    		several vulnerabilities
    2006-07-18
    BACK
    mysql mysql 4.1.8
    mysql mysql 4.1.12
    mysql mysql 4.1.13
    mysql mysql 4.1.14
    mysql mysql 4.1.15
    mysql mysql 5.0.5.0.21
    mysql mysql 5.0.10
    mysql mysql 5.0.15
    mysql mysql 5.0.16
    mysql mysql 5.0.17
    oracle mysql 4.1.6
    oracle mysql 4.1.7
    oracle mysql 4.1.9
    oracle mysql 4.1.11
    oracle mysql 4.1.16
    oracle mysql 4.1.18
    oracle mysql 4.1.19
    oracle mysql 4.1.20
    oracle mysql 5.0.6
    oracle mysql 5.0.9
    oracle mysql 5.0.11
    oracle mysql 5.0.12
    oracle mysql 5.0.13
    oracle mysql 5.0.18
    oracle mysql 5.0.19
    mysql mysql 4.0.18
    mysql mysql 4.1.13
    mysql mysql 5.0.18
    mysql mysql 4.1.11
    mysql mysql 4.1.12
    mysql mysql 4.1.15
    mysql mysql 4.1.16
    mysql mysql 4.1.4
    mysql mysql 4.1.5
    mysql mysql 4.1.7
    mysql mysql 5.0.0.0
    mysql mysql 5.0.1
    mysql mysql 5.0.2
    mysql mysql 5.0.3
    mysql mysql 5.0.4
    mysql mysql 5.1.5
    gentoo linux *
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1