Update Protection against MySQL Server str_to_date DoS Vulnerability
| Check Point Reference: | CPAI-2006-081 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | MYSQL BUGS | |
| Industry Reference(s): | CVE-2006-3081 | |
| Protection Provided by: |
InterSpect
|
|
| Who is Vulnerable? MySQL versions prior to 4.1.18, 5.0.19, and 5.1.6 | ||
| Vulnerability Description The MySQL server fails to properly handle unexpected input submitted to the str_to_date function. This can be triggered by remote attackers to crash affected database servers and deny service to legitimate users. |
||
|
Vulnerability Details Mysqld in several versions of MySQL allows remote users to cause a denial of service via a NULL second argument to the str_to_date function. |
Protection Overview
The update adds the vulnerable SQL command to the Restricted SQL Query Commands list.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on July 5, 2006 includes the follwoing protections:
Malformed SSH Init Message Protection (CPAI-2006-069)
Multiple IMAP Servers Directory Traversal Protection (CPAI-2006-070)
VNC Authentication Bypass Protection (CPAI-2006-071)
COM Object Instantiation Protection (MS06-013) - CPAI-2006-072
COM Object Instantiation Memory Corruption Vulnerability (MS06-021) - CPAI-2006-073
Microsoft JScript Remote Code Execution Protection (MS06-023) - CPAI-2006-074
Symantec Sygate SQL Injection Protection (CPAI-2006-075)
Horde Help Viewer Protection (CPAI-2006-076)
Virtual War (VWar) File Inclusion Protection (CPAI-2006-077)
AWStats Remote Command Execution Protection - CPAI-2006-078
Windows Media Player PNG Protection (MS06-024) - CPAI-2006-079
ART Image Rendering Protection (MS06-022) - CPAI-2006-080
MySQL Server str_to_date DoS Protection (CPAI-2006-081)
Enhanced Protection against AWStats "migrate" Shell Command Injection (CPAI-2006-053)
Additional Logs added to the FTP patterns engine (CPAI-2006-040)
InterSpect NGX
How Can I Protect My Network?
1. Update SmartDefense: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
3. In the SmartDefense tree, click Application Intelligence > MySQL > MySQL Server Protocol and then click Blocked SQL Query Commands. 
4. In the Blocked SQL Query Commands, activate the STR_TO_DATE command. 
5. Install security policy on all nodules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MySQL Restricted Command
Attack Information: Restricted MySQL command was detected