MySQL: Denial of Service — GLSA 200608-09

An authenticated user can crash MySQL through invalid parameters to the date_format function.

Affected Packages

dev-db/mysql on all architectures
Affected versions < 4.1.21
Unaffected versions >= 4.1.21, < 4.1.0

Background

MySQL is a popular multi-threaded, multi-user SQL server.

Description

Jean-David Maillefer discovered a format string vulnerability in time.cc where MySQL fails to properly handle specially formatted user input to the date_format function.

Impact

By specifying a format string as the first parameter to the date_format function, an authenticated attacker could cause MySQL to crash, resulting in a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All MySQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --verbose --oneshot ">=dev-db/mysql-4.1.21"

References

Release Date
August 06, 2006

Latest Revision
August 07, 2006: 02

Severity
normal

Exploitable
remote

Bugzilla entries