CVE-2009-2446

Note

grep -r 'mysql_log.write(thd,command,packet)' ./* shows all of 5.0
are likely affected
PoC: http://seclists.org/fulldisclosure/2009/Jul/0058.html
re-classifying as low as a bunch of non-default conditions need
to be met. See redhat bug.
Doesn't affect 5.1 per mysql bug

Package	Release	Status
mysql-5.1 Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Not vulnerable (5.1.41-3ubuntu2)
	natty	Not vulnerable (5.1.41-3ubuntu2)
	upstream	Needs triage
mysql-dfsg-5.0 Launchpad, Ubuntu, Debian	dapper	Released (5.0.22-0ubuntu6.06.12)
	hardy	Released (5.0.51a-3ubuntu5.5)
	intrepid	Released (5.0.67-0ubuntu6.1)
	jaunty	Released (5.1.30really5.0.75-0ubuntu10.3)
	karmic	Ignored (end of life)
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	upstream	Released (5.0.84)
	Patches: upstream: http://lists.mysql.com/commits/77649 vendor: http://patch-tracker.debian.org/patch/series/view/mysql-dfsg-5.0/5.0.51a-24+lenny2/95_SECURITY_CVE-2009-2446.dpatch
mysql-dfsg-5.1 Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Not vulnerable (5.1.31-1ubuntu2)
	karmic	Not vulnerable (5.1.37-1ubuntu5)
	lucid	Not vulnerable (5.1.41-3ubuntu2)
	maverick	Does not exist
	natty	Does not exist
	upstream	Needs triage

CVE-2009-2446

Notes

Priority

Status

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading