Check Point Advisories

Update Protection against MySQL Server str_to_date DoS Vulnerability

Check Point Reference: CPAI-2006-081
Date Published: 5 Jul 2006
Severity: Medium
Last Updated: 15 May 2007
Industry Reference:CVE-2006-3081
Protection Provided by:
Who is Vulnerable? MySQL versions prior to 4.1.18, 5.0.19, and 5.1.6
Vulnerability Description The MySQL server fails to properly handle unexpected input submitted to the str_to_date function.
This can be triggered by remote attackers to crash affected database servers and deny service to legitimate users.  
Vulnerability DetailsMysqld in several versions of MySQL allows remote users to cause a denial of service via a NULL second argument to the str_to_date function.

Protection Overview