Debian 4.1 Advisory DSA-1073-1 Low: MySQL Remote Code Execution
debian
May 22, 2006
Several vulnerabilities have been discovered in MySQL, a popular SQL database
Topics Covered
Summary
Improper handling of SQL queries containing the NULL character
allow local users to bypass logging mechanisms.
CVE-2006-1516
Usernames without a trailing null byte allow remote attackers to
read portions of memory.
CVE-2006-1517
A request with an incorrect packet length allows remote attackers
to obtain sensitive information.
CVE-2006-1518
Specially crafted request packets with invalid length values allow
the execution of arbitrary code.
The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:
woody sarge sid
mysql 3.23.49-8.15 n/a n/a
mysql-dfsg n/a 4.0.24-10sarge2 n/a
mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a
mysql-dfsg-5.0 n/a n/a 5.0.21-3
We recommend that you upgrade your mysql packages.
Upgrade Instructions
- --------------------wget url
wi...
PREVIOUS
NEXT
Severity
low
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!