ID CVE-2006-1516
Summary The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
References
Vulnerable Configurations
  • MySQL MySQL 4.0.0
    cpe:2.3:a:mysql:mysql:4.0.0
  • MySQL MySQL 4.0.1
    cpe:2.3:a:mysql:mysql:4.0.1
  • MySQL MySQL 4.0.2
    cpe:2.3:a:mysql:mysql:4.0.2
  • MySQL MySQL 4.0.3
    cpe:2.3:a:mysql:mysql:4.0.3
  • MySQL MySQL 4.0.4
    cpe:2.3:a:mysql:mysql:4.0.4
  • MySQL MySQL 4.0.5
    cpe:2.3:a:mysql:mysql:4.0.5
  • MySQL MySQL 4.0.5a
    cpe:2.3:a:mysql:mysql:4.0.5a
  • MySQL MySQL 4.0.6
    cpe:2.3:a:mysql:mysql:4.0.6
  • MySQL MySQL 4.0.7
    cpe:2.3:a:mysql:mysql:4.0.7
  • MySQL MySQL 4.0.7 gamma
    cpe:2.3:a:mysql:mysql:4.0.7:gamma
  • MySQL MySQL 4.0.8
    cpe:2.3:a:mysql:mysql:4.0.8
  • MySQL MySQL 4.0.8 gamma
    cpe:2.3:a:mysql:mysql:4.0.8:gamma
  • MySQL MySQL 4.0.9
    cpe:2.3:a:mysql:mysql:4.0.9
  • MySQL MySQL 4.0.9 gamma
    cpe:2.3:a:mysql:mysql:4.0.9:gamma
  • MySQL MySQL 4.0.10
    cpe:2.3:a:mysql:mysql:4.0.10
  • MySQL MySQL 4.0.11
    cpe:2.3:a:mysql:mysql:4.0.11
  • MySQL MySQL 4.0.11 gamma
    cpe:2.3:a:mysql:mysql:4.0.11:gamma
  • MySQL MySQL 4.0.12
    cpe:2.3:a:mysql:mysql:4.0.12
  • MySQL MySQL 4.0.13
    cpe:2.3:a:mysql:mysql:4.0.13
  • MySQL MySQL 4.0.14
    cpe:2.3:a:mysql:mysql:4.0.14
  • MySQL MySQL 4.0.15
    cpe:2.3:a:mysql:mysql:4.0.15
  • MySQL MySQL 4.0.16
    cpe:2.3:a:mysql:mysql:4.0.16
  • MySQL MySQL 4.0.17
    cpe:2.3:a:mysql:mysql:4.0.17
  • MySQL MySQL 4.0.18
    cpe:2.3:a:mysql:mysql:4.0.18
  • MySQL MySQL 4.0.19
    cpe:2.3:a:mysql:mysql:4.0.19
  • MySQL MySQL 4.0.20
    cpe:2.3:a:mysql:mysql:4.0.20
  • MySQL MySQL 4.0.21
    cpe:2.3:a:mysql:mysql:4.0.21
  • MySQL MySQL 4.0.23
    cpe:2.3:a:mysql:mysql:4.0.23
  • MySQL MySQL 4.0.24
    cpe:2.3:a:mysql:mysql:4.0.24
  • MySQL MySQL 4.0.25
    cpe:2.3:a:mysql:mysql:4.0.25
  • MySQL MySQL 4.0.26
    cpe:2.3:a:mysql:mysql:4.0.26
  • MySQL MySQL 4.1
    cpe:2.3:a:mysql:mysql:4.1
  • MySQL MySQL 4.1.0 alpha
    cpe:2.3:a:mysql:mysql:4.1.0:alpha
  • MySQL MySQL 4.1.0.0
    cpe:2.3:a:mysql:mysql:4.1.0.0
  • MySQL MySQL 4.1.2 alpha
    cpe:2.3:a:mysql:mysql:4.1.2:alpha
  • MySQL MySQL 4.1.3
    cpe:2.3:a:mysql:mysql:4.1.3
  • MySQL MySQL 4.1.3 beta
    cpe:2.3:a:mysql:mysql:4.1.3:beta
  • MySQL MySQL 4.1.4
    cpe:2.3:a:mysql:mysql:4.1.4
  • MySQL MySQL 4.1.5
    cpe:2.3:a:mysql:mysql:4.1.5
  • MySQL MySQL 4.1.6
    cpe:2.3:a:mysql:mysql:4.1.6
  • MySQL MySQL 4.1.7
    cpe:2.3:a:mysql:mysql:4.1.7
  • MySQL MySQL 4.1.8
    cpe:2.3:a:mysql:mysql:4.1.8
  • MySQL MySQL 4.1.9
    cpe:2.3:a:mysql:mysql:4.1.9
  • MySQL MySQL 4.1.10
    cpe:2.3:a:mysql:mysql:4.1.10
  • MySQL MySQL 4.1.10a
    cpe:2.3:a:mysql:mysql:4.1.10a
  • MySQL MySQL 4.1.11
    cpe:2.3:a:mysql:mysql:4.1.11
  • MySQL MySQL 4.1.12
    cpe:2.3:a:mysql:mysql:4.1.12
  • MySQL MySQL 4.1.13
    cpe:2.3:a:mysql:mysql:4.1.13
  • MySQL MySQL 4.1.14
    cpe:2.3:a:mysql:mysql:4.1.14
  • MySQL MySQL 4.1.15
    cpe:2.3:a:mysql:mysql:4.1.15
  • MySQL MySQL 4.1.16
    cpe:2.3:a:mysql:mysql:4.1.16
  • MySQL MySQL 4.1.17
    cpe:2.3:a:mysql:mysql:4.1.17
  • MySQL MySQL 4.1.18
    cpe:2.3:a:mysql:mysql:4.1.18
  • MySQL 5.0
    cpe:2.3:a:mysql:mysql:5.0
  • MySQL MySQL 5.0.0 alpha
    cpe:2.3:a:mysql:mysql:5.0.0:alpha
  • MySQL MySQL 5.0.0.0
    cpe:2.3:a:mysql:mysql:5.0.0.0
  • MySQL MySQL 5.0.1
    cpe:2.3:a:mysql:mysql:5.0.1
  • MySQL MySQL 5.0.2
    cpe:2.3:a:mysql:mysql:5.0.2
  • MySQL MySQL 5.0.3
    cpe:2.3:a:mysql:mysql:5.0.3
  • MySQL MySQL 5.0.3 Beta
    cpe:2.3:a:mysql:mysql:5.0.3:beta
  • MySQL MySQL 5.0.4
    cpe:2.3:a:mysql:mysql:5.0.4
  • MySQL MySQL 5.0.5
    cpe:2.3:a:mysql:mysql:5.0.5
  • MySQL MySQL 5.0.6
    cpe:2.3:a:mysql:mysql:5.0.6
  • MySQL MySQL 5.0.7
    cpe:2.3:a:mysql:mysql:5.0.7
  • MySQL MySQL 5.0.8
    cpe:2.3:a:mysql:mysql:5.0.8
  • MySQL MySQL 5.0.9
    cpe:2.3:a:mysql:mysql:5.0.9
  • MySQL MySQL 5.0.10
    cpe:2.3:a:mysql:mysql:5.0.10
  • MySQL MySQL 5.0.11
    cpe:2.3:a:mysql:mysql:5.0.11
  • MySQL MySQL 5.0.12
    cpe:2.3:a:mysql:mysql:5.0.12
  • MySQL MySQL 5.0.13
    cpe:2.3:a:mysql:mysql:5.0.13
  • MySQL MySQL 5.0.14
    cpe:2.3:a:mysql:mysql:5.0.14
  • MySQL MySQL 5.0.15
    cpe:2.3:a:mysql:mysql:5.0.15
  • MySQL MySQL 5.0.16
    cpe:2.3:a:mysql:mysql:5.0.16
  • MySQL MySQL 5.0.17
    cpe:2.3:a:mysql:mysql:5.0.17
  • MySQL MySQL 5.0.18
    cpe:2.3:a:mysql:mysql:5.0.18
CVSS
Base: 5.0 (as of 05-05-2006 - 15:40)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit. CVE-2006-1516. Remote exploit for linux platform
id EDB-ID:1742
last seen 2016-01-31
modified 2006-05-02
published 2006-05-02
reporter Stefano Di Paola
source https://www.exploit-db.com/download/1742/
title MySQL <= 4.1.18 / 5.0.20 - Local/Remote Information Leakage Exploit
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MYSQL-1312.NASL
    description Attackers could read portions of memory by using a user name with trailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516, CVE-2006-1517). Attackers could execute arbitrary code by causing a buffer overflow via specially crafted COM_TABLE_DUMP packets (CVE-2006-1518).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27356
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27356
    title openSUSE 10 Security Update : mysql (mysql-1312)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-155-01.NASL
    description New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2 and -current to fix security issues. The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1 may possibly leak sensitive information found in uninitialized memory to authenticated users. This is fixed in the new packages, and was already patched in Slackware 10.2 and -current. Since the vulnerabilities require a valid login and/or access to the database server, the risk is moderate. Slackware does not provide network access to a MySQL database by default.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 21639
    published 2006-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21639
    title Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : mysql (SSA:2006-155-01)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_4_9.NASL
    description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 24811
    published 2007-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24811
    title Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-306-1.NASL
    description MySQL did not correctly handle NULL as the second argument to the str_to_date() function. An authenticated user could exploit this to crash the server. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 27881
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27881
    title Ubuntu 5.10 : mysql-dfsg-4.1 vulnerability (USN-306-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4913886CE87511DAB9F400123FFE8333.NASL
    description Secunia reports : MySQL have some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system. 1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP packet can be exploited by an authenticated client to disclosure certain memory content of the server process. 2) A boundary error within the handling of specially crafted invalid COM_TABLE_DUMP packets can be exploited by an authenticated client to cause a buffer overflow and allows arbitrary code execution. 3) An error within the handling of malformed login packets can be exploited to disclosure certain memory content of the server process in the error messages.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 21633
    published 2006-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21633
    title FreeBSD : MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities (4913886c-e875-11da-b9f4-00123ffe8333)
  • NASL family Databases
    NASL id MYSQL_5_0_21.NASL
    description The version of MySQL installed on the remote host is earlier than 4.0.27 / 4.1.19 / 5.0.21. As such, it is potentially affected by the following vulnerabilities : - A remote attacker may be able to read portions of memory by sending a specially crafted login packet in which the username does not have a trailing NULL. (CVE-2006-1516) - A remote attacker may be able to read portions of memory by sending a specially crafted COM_TABLE_DUMP request with an incorrect packet length. (CVE-2006-1517) - A buffer overflow in the 'open_table()' function could allow a remote, authenticated attacker to execute arbitrary code via specially crafted COM_TABLE_DUMP packets. (CVE-2006-1518)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17697
    published 2011-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17697
    title MySQL < 4.0.27 / 4.1.19 / 5.0.21 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200605-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-200605-13 (MySQL: Information leakage) The processing of the COM_TABLE_DUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Impact : By crafting specific malicious packets an attacker could gather confidential information from the memory of a MySQL server process, for example results of queries by other users or applications. By using PHP code injection or similar techniques it would be possible to exploit this flaw through web applications that use MySQL as a database backend. Note that on 5.x versions it is possible to overwrite the stack and execute arbitrary code with this technique. Users of MySQL 5.x are urged to upgrade to the latest available version. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 21355
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21355
    title GLSA-200605-13 : MySQL: Information leakage
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-084.NASL
    description The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. (CVE-2006-1516) sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. (CVE-2006-1517) Updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21359
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21359
    title Mandrake Linux Security Advisory : MySQL (MDKSA-2006:084)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1079.NASL
    description Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2006-0903 Improper handling of SQL queries containing the NULL character allows local users to bypass logging mechanisms. - CVE-2006-1516 Usernames without a trailing null byte allow remote attackers to read portions of memory. - CVE-2006-1517 A request with an incorrect packet length allows remote attackers to obtain sensitive information. - CVE-2006-1518 Specially crafted request packets with invalid length values allow the execution of arbitrary code. The following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed : woody sarge sid mysql 3.23.49-8.15 n/a n/a mysql-dfsg n/a 4.0.24-10sarge2 n/a mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a mysql-dfsg-5.0 n/a n/a 5.0.21-3
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22621
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22621
    title Debian DSA-1079-1 : mysql-dfsg - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0544.NASL
    description Updated mysql packages that fix multiple security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands. (CVE-2006-2753) An information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516) An information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517) A log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903) This update also fixes numerous non-security-related flaws, such as intermittent authentication failures. All users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22000
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22000
    title CentOS 4 : mysql (CESA-2006:0544)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-129-02.NASL
    description New mysql packages are available for Slackware 10.2 and -current to fix security issues. The MySQL package shipped with Slackware 10.2 may possibly leak sensitive information found in uninitialized memory to authenticated users. The MySQL package previously in Slackware -current also suffered from these flaws, but an additional overflow could allow arbitrary code execution. Since the vulnerabilities require a valid login and/or access to the database server, the risk is moderate. Slackware does not provide network access to a MySQL database by default.
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 21345
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21345
    title Slackware 10.2 / current : mysql (SSA:2006-129-02)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-283-1.NASL
    description Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. (CVE-2006-1516) Stefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request. (CVE-2006-1517). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 21377
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21377
    title Ubuntu 5.04 / 5.10 : mysql-dfsg-4.1, mysql-dfsg vulnerabilities (USN-283-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1073.NASL
    description Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2006-0903 Improper handling of SQL queries containing the NULL character allows local users to bypass logging mechanisms. - CVE-2006-1516 Usernames without a trailing null byte allow remote attackers to read portions of memory. - CVE-2006-1517 A request with an incorrect packet length allows remote attackers to obtain sensitive information. - CVE-2006-1518 Specially crafted request packets with invalid length values allow the execution of arbitrary code. The following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed : woody sarge sid mysql 3.23.49-8.15 n/a n/a mysql-dfsg n/a 4.0.24-10sarge2 n/a mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a mysql-dfsg-5.0 n/a n/a 5.0.21-3
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22615
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22615
    title Debian DSA-1073-1 : mysql-dfsg-4.1 - several vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0544.NASL
    description Updated mysql packages that fix multiple security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands. (CVE-2006-2753) An information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516) An information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517) A log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903) This update also fixes numerous non-security-related flaws, such as intermittent authentication failures. All users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 21683
    published 2006-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21683
    title RHEL 4 : mysql (RHSA-2006:0544)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1071.NASL
    description Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2006-0903 Improper handling of SQL queries containing the NULL character allows local users to bypass logging mechanisms. - CVE-2006-1516 Usernames without a trailing null byte allow remote attackers to read portions of memory. - CVE-2006-1517 A request with an incorrect packet length allows remote attackers to obtain sensitive information. - CVE-2006-1518 Specially crafted request packets with invalid length values allow the execution of arbitrary code. The following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed : woody sarge sid mysql 3.23.49-8.15 n/a n/a mysql-dfsg n/a 4.0.24-10sarge2 n/a mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a mysql-dfsg-5.0 n/a n/a 5.0.21-3
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22613
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22613
    title Debian DSA-1071-1 : mysql - several vulnerabilities
  • NASL family Databases
    NASL id MYSQL_ANONYMOUS_LOGIN_HANDSHAKE_INFO_LEAKAGE.NASL
    description The MySQL database server on the remote host reads from uninitialized memory when processing a specially crafted login packet. An unauthenticated attacker may be able to exploit this flaw to obtain sensitive information from the affected host as returned in an error packet.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 21632
    published 2006-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21632
    title MySQL Anonymous Login Handshake Remote Information Disclosure
oval via4
accepted 2013-04-29T04:23:18.906-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
family unix
id oval:org.mitre.oval:def:9918
status accepted
submitted 2010-07-09T03:56:16-04:00
title The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
version 23
redhat via4
advisories
rhsa
id RHSA-2006:0544
refmap via4
apple APPLE-SA-2007-03-13
bid 17780
bugtraq
  • 20060502 MySQL Anonymous Login Handshake - Information Leakage.
  • 20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage
cert TA07-072A
confirm
debian
  • DSA-1071
  • DSA-1073
  • DSA-1079
gentoo GLSA-200605-13
mandriva MDKSA-2006:084
misc http://www.wisec.it/vulns.php?page=7
sectrack 1016017
secunia
  • 19929
  • 20002
  • 20073
  • 20076
  • 20223
  • 20241
  • 20253
  • 20333
  • 20424
  • 20457
  • 20625
  • 20762
  • 24479
  • 29847
slackware SSA:2006-155-01
sreason 840
sunalert 236703
suse
  • SUSE-SA:2006:036
  • SUSE-SR:2006:012
trustix 2006-0028
ubuntu USN-283-1
vupen
  • ADV-2006-1633
  • ADV-2007-0930
  • ADV-2008-1326
xf mysql-login-packet-info-disclosure(26236)
Last major update 07-03-2011 - 21:33
Published 05-05-2006 - 08:46
Last modified 18-10-2018 - 12:32
Back to Top