Executive Summary
Summary | |
---|---|
Title | MySQL vulnerability |
Information | |||
---|---|---|---|
Name | USN-274-1 | First vendor Publication | 2006-04-27 |
Vendor | Ubuntu | Last vendor Modification | 2006-04-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog), Ubuntu 5.04 (Hoary Hedgehog), Ubuntu 5.10 (Breezy Badger).

The following packages are affected: mysql-server

The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.7 (for Ubuntu 4.10), 4.0.23-3ubuntu2.2 (for Ubuntu 5.04), or 4.0.24-10ubuntu2.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A logging bypass was discovered in the MySQL query parser. A local attacker could exploit this by inserting NUL characters into query strings (even into comments), which would cause the query to be logged incompletely. This only affects you if you enabled the 'log' parameter in the MySQL configuration.
Original Source
Url : http://www.ubuntu.com/usn/USN-274-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9915 | |||
Oval ID: | oval:org.mitre.oval:def:9915 | ||
Title: | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. | ||
Description: | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-0903 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-03-06 | Name : RedHat Update for mysql RHSA-2008:0364-01 File : nvt/gb_RHSA-2008_0364-01_mysql.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1071-1 (mysql) File : nvt/deb_1071_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1) File : nvt/deb_1073_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1079-1 (mysql-dfsg) File : nvt/deb_1079_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
23526 | MySQL Query NULL Character Logging Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080521_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : The remote database server is vulnerable to an authentication bypass attack. File : mysql_5_0_22.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0364.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-553.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-554.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1071.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1073.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1079.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0544.nasl - Type : ACT_GATHER_INFO |
2006-06-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0544.nasl - Type : ACT_GATHER_INFO |
2006-05-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-274-2.nasl - Type : ACT_GATHER_INFO |
2006-04-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-274-1.nasl - Type : ACT_GATHER_INFO |
2006-04-04 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-064.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:03:24 |