Executive Summary
Summary | |
---|---|
Title | New MySQL 3.23 packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1071 | First vendor Publication | 2006-05-22 |
Vendor | Debian | Last vendor Modification | 2006-05-22 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2006-0903 Improper handling of SQL queries containing the NULL character allow local users to bypass logging mechanisms. CVE-2006-1516 Usernames without a trailing null byte allow remote attackers to read portions of memory. CVE-2006-1517 A request with an incorrect packet length allows remote attackers to obtain sensitive information. CVE-2006-1518 Specially crafted request packets with invalid length values allow the execution of arbitrary code. The following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed: woody sarge sid mysql 3.23.49-8.15 n/a n/a mysql-dfsg n/a 4.0.24-10sarge2 n/a mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a mysql-dfsg-5.0 n/a n/a 5.0.21-3 We recommend that you upgrade your mysql packages. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1071 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11036 | |||
Oval ID: | oval:org.mitre.oval:def:11036 | ||
Title: | sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | ||
Description: | sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-1517 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9915 | |||
Oval ID: | oval:org.mitre.oval:def:9915 | ||
Title: | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. | ||
Description: | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-0903 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9918 | |||
Oval ID: | oval:org.mitre.oval:def:9918 | ||
Title: | The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | ||
Description: | The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-1516 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-03-06 | Name : RedHat Update for mysql RHSA-2008:0364-01 File : nvt/gb_RHSA-2008_0364-01_mysql.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200605-13 (MySQL) File : nvt/glsa_200605_13.nasl |
2008-09-04 | Name : FreeBSD Ports: mysql-server File : nvt/freebsd_mysql-server10.nasl |
2008-09-04 | Name : FreeBSD Ports: mysql-server File : nvt/freebsd_mysql-server8.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1071-1 (mysql) File : nvt/deb_1071_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1) File : nvt/deb_1073_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1079-1 (mysql-dfsg) File : nvt/deb_1079_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-129-02 mysql File : nvt/esoft_slk_ssa_2006_129_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-155-01 mysql File : nvt/esoft_slk_ssa_2006_155_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
25228 | MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure MySQL contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious client sends a specially crafted invalid login or COM_TABLE_DUMP packets, which will disclose arbitrary memory in error messages resulting in a loss of confidentiality. |
25227 | MySQL COM_TABLE_DUMP Packet Overflow |
25226 | MySQL Malformed Login Packet Remote Memory Disclosure |
23526 | MySQL Query NULL Charcter Logging Bypass |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | login handshake information disclosure attempt RuleID : 16020 - Revision : 13 - Type : SERVER-MYSQL |
2014-01-10 | MySQL COM_TABLE_DUMP Function Stack Overflow attempt RuleID : 11619 - Revision : 7 - Type : SERVER-MYSQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080521_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : The remote database server is vulnerable to an authentication bypass attack. File : mysql_5_0_22.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_0_21.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0364.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-306-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_mysql-1312.nasl - Type : ACT_GATHER_INFO |
2007-03-13 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_9.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_036.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-553.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-554.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1071.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1073.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1079.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0544.nasl - Type : ACT_GATHER_INFO |
2006-06-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0544.nasl - Type : ACT_GATHER_INFO |
2006-06-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-155-01.nasl - Type : ACT_GATHER_INFO |
2006-06-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4913886ce87511dab9f400123ffe8333.nasl - Type : ACT_GATHER_INFO |
2006-06-04 | Name : The remote database server is affected by an information disclosure flaw. File : mysql_anonymous_login_handshake_info_leakage.nasl - Type : ACT_ATTACK |
2006-05-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-274-2.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-084.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200605-13.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a8d8713edc8311daa22b000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-283-1.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-129-02.nasl - Type : ACT_GATHER_INFO |
2006-04-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-274-1.nasl - Type : ACT_GATHER_INFO |
2006-04-04 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-064.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:25:49 |
|