Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0903

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2006-0903
Last Modified 07 Mar 2011 09:31:03
Published 27 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0903

Summary

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.

Vulnerable Systems

Application

  • Mysql 3.23

  • Mysql 3.23.0

  • Mysql 3.23.1

  • Mysql 3.23.10

  • Mysql 3.23.11

  • Mysql 3.23.12

  • Mysql 3.23.13

  • Mysql 3.23.14

  • Mysql 3.23.15

  • Mysql 3.23.16

  • Mysql 3.23.17

  • Mysql 3.23.18

  • Mysql 3.23.19

  • Mysql 3.23.2

  • Mysql 3.23.20

  • Mysql 3.23.21

  • Mysql 3.23.22

  • Mysql 3.23.23

  • Mysql 3.23.24

  • Mysql 3.23.25

  • Mysql 3.23.26

  • Mysql 3.23.27

  • Mysql 3.23.28

  • Mysql 3.23.29

  • Mysql 3.23.3

  • Mysql 3.23.30

  • Mysql 3.23.31

  • Mysql 3.23.32

  • Mysql 3.23.33

  • Mysql 3.23.34

  • Mysql 3.23.35

  • Mysql 3.23.36

  • Mysql 3.23.37

  • Mysql 3.23.38

  • Mysql 3.23.39

  • Mysql 3.23.4

  • Mysql 3.23.40

  • Mysql 3.23.41

  • Mysql 3.23.42

  • Mysql 3.23.43

  • Mysql 3.23.44

  • Mysql 3.23.45

  • Mysql 3.23.46

  • Mysql 3.23.47

  • Mysql 3.23.48

  • Mysql 3.23.49

  • Mysql 3.23.5

  • Mysql 3.23.50

  • Mysql 3.23.51

  • Mysql 3.23.52

  • Mysql 3.23.53

  • Mysql 3.23.54

  • Mysql 3.23.55

  • Mysql 3.23.56

  • Mysql 3.23.57

  • Mysql 3.23.58

  • Mysql 3.23.59

  • Mysql 3.23.6

  • Mysql 3.23.7

  • Mysql 3.23.8

  • Mysql 3.23.9

  • Mysql 4.0.0

  • Mysql 4.0.1

  • Mysql 4.0.10

  • Mysql 4.0.11

  • Mysql 4.0.12

  • Mysql 4.0.13

  • Mysql 4.0.14

  • Mysql 4.0.15

  • Mysql 4.0.16

  • Mysql 4.0.17

  • Mysql 4.0.18

  • Mysql 4.0.19

  • Mysql 4.0.2

  • Mysql 4.0.20

  • Mysql 4.0.21

  • Mysql 4.0.23

  • Mysql 4.0.24

  • Mysql 4.0.25

  • Mysql 4.0.26

  • Mysql 4.0.27

  • Mysql 4.0.3

  • Mysql 4.0.4

  • Mysql 4.0.5

  • Mysql 4.0.5a

  • Mysql 4.0.6

  • Mysql 4.0.7

  • Mysql 4.0.8

  • Mysql 4.0.9

  • Mysql 4.1.0

  • Mysql 4.1.0.0

  • Mysql 4.1.10

  • Mysql 4.1.11

  • Mysql 4.1.12

  • Mysql 4.1.13

  • Mysql 4.1.14

  • Mysql 4.1.15

  • Mysql 4.1.16

  • Mysql 4.1.17

  • Mysql 4.1.18

  • Mysql 4.1.19

  • Mysql 4.1.2

  • Mysql 4.1.3

  • Mysql 4.1.4

  • Mysql 4.1.5

  • Mysql 4.1.6

  • Mysql 4.1.7

  • Mysql 4.1.8

  • Mysql 4.1.9

  • Mysql 5.0.0

  • Mysql 5.0.1

  • Mysql 5.0.10

  • Mysql 5.0.11

  • Mysql 5.0.12

  • Mysql 5.0.13

  • Mysql 5.0.14

  • Mysql 5.0.15

  • Mysql 5.0.16

  • Mysql 5.0.17

  • Mysql 5.0.18

  • Mysql 5.0.2

  • Mysql 5.0.3

  • Mysql 5.0.4

  • Mysql 5.0.5

  • Mysql 5.0.6

  • Mysql 5.0.7

  • Mysql 5.0.8

  • Mysql 5.0.9


References

VUPEN - ADV-2006-0752

BID - 16850

REDHAT - RHSA-2008:0364

SECTRACK - 1015693

SECUNIA - 30351

SECUNIA - 19034

MISC - http://rst.void.ru/papers/advisory39.txt

XF - mysql-query-log-bypass-security(24966)

UBUNTU - USN-274-1

UBUNTU - USN-274-2

REDHAT - RHSA-2007:0083

REDHAT - RHSA-2006:0544

MANDRIVA - MDKSA-2006:064

DEBIAN - DSA-1079

DEBIAN - DSA-1073

DEBIAN - DSA-1071

SECUNIA - 20625

SECUNIA - 20333

SECUNIA - 20253

SECUNIA - 20241

SECUNIA - 19814

SECUNIA - 19502

CONFIRM - http://bugs.mysql.com/bug.php?id=17667

FULLDISC - 20060225 mysql <= 5.0.18


Last Updated: 27 May 2016 10:41:50