CVE-2009-2446
Published 2009-07-13
Priority P344 · high · 8.5 · CVSS 2.0
AV:N/AC:M/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 10.59% (95.2th percentile)
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Affected
111 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | — | — |
CVSS provenance
nvd · v2.0 · 8.5 HIGH · AV:N/AC:M/Au:S/C:C/I:C/A:C
vendor_redhat · 8.5 HIGH
vendor_ubuntu · 4.6 MEDIUM
GHSA
GHSA-q8wr-mc75-9wjp: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse
ghsa_unreviewed·2022-05-02
CVE-2009-2446 [HIGH] CWE-134 GHSA-q8wr-mc75-9wjp: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2012-03-12
CVE-2007-5925 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to
MySQL 5.0.95.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2010-02-10·CVSS 4.6
CVE-2008-7247 [MEDIUM] MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: MySQL vulnerabilities
It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use the DATA
DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks.
This update alters table creation behaviour by disallowing the use of the
MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This
issue only affected Ubuntu 8.10. (CVE-2008-4098)
It was discovered that MySQL contained a cross-site scripting vulnerability
in the command-line client when the --html option is enabled. An attacker
could place arbitrary web script or html in a database cell, which would
then get placed in the html document output by the command-line tool. This
issue only affected Ubuntu
Red Hat
MySQL: Format string vulnerability by manipulation with database instances (crash)
vendor_redhat·2009-07-09·CVSS 8.5
CVE-2009-2446 [HIGH] MySQL: Format string vulnerability by manipulation with database instances (crash)
Statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2446
The Red Hat Product Security has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat E
No detection rules found.
arXiv
Threat Modelling in Internet of Things (IoT) Environment Using Dynamic Attack Graphs
arxiv_fulltext·2024-02-05
Marwa Salayma, Member, IEEE\ of Computing, Imperial College London
London, United Kingdom
This work was supported by PETRAS National Centre of Excellence for IoT Systems Cybersecurity (PETRAS 2), Grant number is EP/S035362/1.
## Abstract
This work presents a threat modelling approach to represent changes to the attack paths through an Internet of Things (IoT) environment when the environment changes dynamically, i.e., when new devices are added or removed from the system or when whole sub-systems join or leave. The proposed approach investigates the propagation of threats using attack graphs. However, traditional attack graph approaches have been applied in static environments tha
arXiv
Stochastic Simulation Techniques for Inference and Sensitivity Analysis of Bayesian Attack Graphs
arxiv_fulltext·2021-03-18
Isaac Matthews, Sadegh Soudjani, Aad van Moorsel
School of Computing, Newcastle University, United Kingdom
## Abstract
A vulnerability scan combined with information about a computer network can be used to create an attack graph, a model of how the elements of a network could be used in an attack to reach specific states or goals in the network. These graphs can be understood probabilistically by turning them into Bayesian attack graphs, making it possible to quantitatively analyse the security of large networks. In the event of an attack, probabilities on the graph change depending on th
arXiv
Cyclic Bayesian Attack Graphs: A Systematic Computational Approach
arxiv_fulltext·2020-05-13
Isaac Matthews, John Mace, Sadegh Soudjani, Aad van Moorsel
Newcastle University, Newcastle upon Tyne, U.K.
## Abstract
Attack graphs are commonly used to analyse the security of medium-sized to large networks. Based on a scan of the network and likelihood information of vulnerabilities, attack graphs can be transformed into Bayesian Attack Graphs (BAGs). These BAGs are used to evaluate how security controls affect a network and how changes in topology affect security.
A challenge with these automatically generated BAGs is that cycles arise naturally,
Bugzilla
CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances (crash)
bugzilla·2009-07-13·CVSS 8.5
CVE-2009-2446 [HIGH] MySQL: Format string vulnerability by manipulation with database instances (crash)
A format string vulnerability was found in the way MySQL server used to log
user commands, performed by creation and deletion of a database. A valid
MySQL user could formulate a specially-crafted SQL command, which would
lead to denial of service (mysqld crash) or, potentially execute arbitrary
code, with the privileges of the mysql client, when processed by the mysqld
daemon.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536726
http://seclists.org/fulldisclosure/2009/Jul/0058.html
Discussion:
Sweet :-(. The original report is much too conservative about the range of versions exhibiting the bug. I find the same code from 3.23.58 up through 5.0.83. It's also in 5.1.36, althoug
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://secunia.com/advisories/35767
http://secunia.com/advisories/36566
http://secunia.com/advisories/38517
http://securitytracker.com/id?1022533
http://support.apple.com/kb/HT4077
http://ubuntu.com/usn/usn-897-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:179
http://www.osvdb.org/55734
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://www.securityfocus.com/archive/1/504799/100/0/threaded
http://www.securityfocus.com/bid/35609
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2009/1857
https://exchange.xforce.ibmcloud.com/vulnerabilities/51614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11857