Intrusion Prevention

Mysql.Date_format.Function.DoS

Description

This indicates an attack attempt to exploit a format string vulnerability in MySQL Server.
The vulnerability is a result of the application's failure to properly sanitize first parameter of the date_format function. As a result, a remote attacker can send a crafted query to crash the vulnerable server.

Affected Products

MySQL AB MySQL 4.1.20 and prior
MySQL AB MySQL 5.0.20 and prior
MySQL AB MySQL 5.1.8 and prior

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to the latest version,available from the web site.
http://dev.mysql.com/downloads/

CVE References

CVE-2006-3469