J-Security Center

Title: MySQL Server Str_To_Date Remote Denial Of Service Vulnerability

Severity: MODERATE

Description:

MySQL is a freely available SQL database server that runs on multiple platforms.

MySQL is susceptible to a remote denial-of-service vulnerability because the database server fails to properly handle unexpected input.

Specifically, if the 'str_to_date()' SQL function is called with '1, NULL' or 'NULL, 1' arguments, the database server will crash.

This issue allows remote attackers to crash affected database servers, denying service to legitimate users. Attackers must be able to execute arbitrary SQL statements on an affected server, which requires valid credentials to connect to it.

Attackers may exploit this issue in conjunction with latent SQL-injection vulnerabilities in other applications.

Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable to this issue.
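The version ranges above can be checked against an inventory of server banners. The following is an added example, not part of the original advisory: it classifies the string returned by `SELECT VERSION()` against the fixed releases named above. The host names and banners are constructed, and treating branches older than 4.1 as "prior to 4.1.18" is an assumption about how to read the advisory.

```python
import re

# First fixed release on each branch, as stated in the advisory text above.
FIXED_PATCH = {(4, 1): 18, (5, 0): 19, (5, 1): 6}


def parse_version(banner):
    """Return (major, minor, patch) from a VERSION() string such as '5.0.18-log'."""
    match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", banner)
    if match is None:
        raise ValueError("unrecognised MySQL version string: %r" % (banner,))
    return tuple(int(part) for part in match.groups())


def is_affected(banner):
    """True if the banner falls in the version ranges the advisory lists."""
    major, minor, patch = parse_version(banner)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    # Assumption: branches older than 4.1 are read as "prior to 4.1.18";
    # branches newer than 5.1 are outside the advisory's stated range.
    return branch < (4, 1)


def triage(inventory):
    """Map host -> 'affected' | 'not affected' | 'unknown' for (host, banner) pairs."""
    result = {}
    for host, banner in inventory:
        try:
            result[host] = "affected" if is_affected(banner) else "not affected"
        except ValueError:
            result[host] = "unknown"  # empty or non-MySQL banner: check by hand
    return result


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = [
    ("db-a.example", "5.0.18-log"),
    ("db-b.example", "5.0.19-standard"),
    ("db-c.example", "4.1.11-Debian_4sarge2-log"),
    ("db-d.example", "5.1.6-alpha"),
    ("db-e.example", ""),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(host, status)
```

Distribution packages may carry a backported fix without changing the upstream version number, so an "affected" result for a vendor build should be confirmed against that vendor's package changelog.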

Affected Products:

  • Apple Mac OS X 10.4.0
  • Apple Mac OS X 10.4.1
  • Apple Mac OS X 10.4.2
  • Apple Mac OS X 10.4.3
  • Apple Mac OS X 10.4.4
  • Apple Mac OS X 10.4.5
  • Apple Mac OS X 10.4.6
  • Apple Mac OS X 10.4.7
  • Apple Mac OS X 10.4.8
  • Debian Linux 3.1.0
  • Debian Linux 3.1.0 alpha
  • Debian Linux 3.1.0 amd64
  • Debian Linux 3.1.0 arm
  • Debian Linux 3.1.0 hppa
  • Debian Linux 3.1.0 ia-32
  • Debian Linux 3.1.0 ia-64
  • Debian Linux 3.1.0 m68k
  • Debian Linux 3.1.0 mips
  • Debian Linux 3.1.0 mipsel
  • Debian Linux 3.1.0 ppc
  • Debian Linux 3.1.0 s/390
  • Debian Linux 3.1.0 sparc
  • MandrakeSoft Corporate Server 3.0.0
  • MandrakeSoft Corporate Server 3.0.0 x86_64
  • MandrakeSoft Linux Mandrake 10.0.0
  • MandrakeSoft Linux Mandrake 10.0.0 amd64
  • MySQL AB MySQL 4.0.18
  • MySQL AB MySQL 4.1.11
  • MySQL AB MySQL 4.1.12
  • MySQL AB MySQL 4.1.13
  • MySQL AB MySQL 4.1.15
  • MySQL AB MySQL 4.1.16
  • MySQL AB MySQL 4.1.4
  • MySQL AB MySQL 4.1.5
  • MySQL AB MySQL 4.1.7
  • MySQL AB MySQL 5.0.0 .0-0
  • MySQL AB MySQL 5.0.1
  • MySQL AB MySQL 5.0.18
  • MySQL AB MySQL 5.0.2
  • MySQL AB MySQL 5.0.3
  • MySQL AB MySQL 5.0.4
  • MySQL AB MySQL 5.1.5
  • Ubuntu Ubuntu Linux 5.10.0 amd64
  • Ubuntu Ubuntu Linux 5.10.0 i386
  • Ubuntu Ubuntu Linux 5.10.0 powerpc
  • Ubuntu Ubuntu Linux 5.10.0 sparc
