Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-1516
Last Modified: 07 Mar 2011 09:33:14
Published: 05 May 2006 08:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1516

Summary

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

Vulnerable Systems

Application

  • Mysql 4.0.0

  • Mysql 4.0.1

  • Mysql 4.0.10

  • Mysql 4.0.11

  • Mysql 4.0.12

  • Mysql 4.0.13

  • Mysql 4.0.14

  • Mysql 4.0.15

  • Mysql 4.0.16

  • Mysql 4.0.17

  • Mysql 4.0.18

  • Mysql 4.0.19

  • Mysql 4.0.2

  • Mysql 4.0.20

  • Mysql 4.0.21

  • Mysql 4.0.23

  • Mysql 4.0.24

  • Mysql 4.0.25

  • Mysql 4.0.26

  • Mysql 4.0.3

  • Mysql 4.0.4

  • Mysql 4.0.5

  • Mysql 4.0.5a

  • Mysql 4.0.6

  • Mysql 4.0.7

  • Mysql 4.0.8

  • Mysql 4.0.9

  • Mysql 4.1

  • Mysql 4.1.0

  • Mysql 4.1.0.0

  • Mysql 4.1.10

  • Mysql 4.1.10a

  • Mysql 4.1.11

  • Mysql 4.1.12

  • Mysql 4.1.13

  • Mysql 4.1.14

  • Mysql 4.1.15

  • Mysql 4.1.16

  • Mysql 4.1.17

  • Mysql 4.1.18

  • Mysql 4.1.2

  • Mysql 4.1.3

  • Mysql 4.1.4

  • Mysql 4.1.5

  • Mysql 4.1.6

  • Mysql 4.1.7

  • Mysql 4.1.8

  • Mysql 4.1.9

  • Mysql 5.0

  • Mysql 5.0.0

  • Mysql 5.0.0.0

  • Mysql 5.0.1

  • Mysql 5.0.10

  • Mysql 5.0.11

  • Mysql 5.0.12

  • Mysql 5.0.13

  • Mysql 5.0.14

  • Mysql 5.0.15

  • Mysql 5.0.16

  • Mysql 5.0.17

  • Mysql 5.0.18

  • Mysql 5.0.2

  • Mysql 5.0.3

  • Mysql 5.0.4

  • Mysql 5.0.5

  • Mysql 5.0.6

  • Mysql 5.0.7

  • Mysql 5.0.8

  • Mysql 5.0.9


References

CERT - TA07-072A

MISC - http://www.wisec.it/vulns.php?page=7

SECTRACK - 1016017

SECUNIA - 19929

CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html

VUPEN - ADV-2008-1326

VUPEN - ADV-2007-0930

VUPEN - ADV-2006-1633

BUGTRAQ - 20060502 MySQL Anonymous Login Handshake - Information Leakage.

CONFIRM - http://bugs.debian.org/365938

XF - mysql-login-packet-info-disclosure(26236)

UBUNTU - USN-283-1

TRUSTIX - 2006-0028

BID - 17780

BUGTRAQ - 20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage

REDHAT - RHSA-2006:0544

SUSE - SUSE-SR:2006:012

MANDRIVA - MDKSA-2006:084

GENTOO - GLSA-200605-13

DEBIAN - DSA-1079

DEBIAN - DSA-1073

DEBIAN - DSA-1071

SUNALERT - 236703

SLACKWARE - SSA:2006-155-01

SREASON - 840

SECUNIA - 29847

SECUNIA - 24479

SECUNIA - 20762

SECUNIA - 20625

SECUNIA - 20457

SECUNIA - 20424

SECUNIA - 20333

SECUNIA - 20253

SECUNIA - 20241

SECUNIA - 20223

SECUNIA - 20076

SECUNIA - 20073

SECUNIA - 20002

SUSE - SUSE-SA:2006:036

APPLE - APPLE-SA-2007-03-13

CONFIRM - http://docs.info.apple.com/article.html?artnum=305214

Related Patches

Apple 2007-03-13 Mac OS X 10.4.9 Combo Update (Intel) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Combo Update (PPC) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Update (PPC) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Update (Intel) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Server Update (PPC) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Server Combo Update (PPC) (Rev 3)


Last Updated: 27 May 2016 10:42:06