Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200606-13
HistoryJun 11, 2006 - 12:00 a.m.

MySQL: SQL Injection

2006-06-1100:00:00
Gentoo Foundation
security.gentoo.org
14

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.5%

JSON

Background

MySQL is a popular multi-threaded, multi-user SQL server.

Description

MySQL is vulnerable to an injection flaw in mysql_real_escape() when used with multi-byte characters.

Impact

Due to a flaw in the multi-byte character process, an attacker is still able to inject arbitary SQL statements into the MySQL server for execution.

Workaround

There are a few workarounds available: NO_BACKSLASH_ESCAPES mode as a workaround for a bug in mysql_real_escape_string(): SET sql_mode=‘NO_BACKSLASH_ESCAPES’; SET GLOBAL sql_mode=‘NO_BACKSLASH_ESCAPES’; and server command line options: --sql-mode=NO_BACKSLASH_ESCAPES.

Resolution

All MySQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.1.20"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/mysql< 5.0.22UNKNOWN

Related

nessus 11
securityvulns 1
ubuntu 2
openvas 8
cve 1
debian 1
prion 1
ubuntucve 1
slackware 1
centos 1
redhat 1
nessus
nessus
Ubuntu 5.10 / 6.06 LTS : mysql-dfsg-4.1, mysql-dfsg-5.0 vulnerability (USN-303-1)
2007-11-10 00:00:00
MySQL < 4.1.20 / 5.0.22 / 5.1.11 SQL Injection
2012-01-16 00:00:00
Debian DSA-1092-1 : mysql-dfsg-4.1 - programming error
2006-10-14 00:00:00
securityvulns
securityvulns
[ MDKSA-2006:097 ] - Updated MySQL packages fixes SQL injection vulnerability.
2006-06-08 00:00:00
ubuntu
ubuntu
MySQL vulnerability
2006-06-17 00:00:00
PostgreSQL client vulnerabilities
2006-06-09 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1092-1)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-303-1)
2022-08-26 00:00:00
Gentoo Security Advisory GLSA 200606-13 (MySQL)
2008-09-24 00:00:00
cve
cve
CVE-2006-2753
2006-06-01 17:02:00
debian
debian
[SECURITY] [DSA 1092-1] New MySQL 4.1 packages fix SQL injection
2006-06-08 13:49:58
prion
prion
Sql injection
2006-06-01 17:02:00
ubuntucve
ubuntucve
CVE-2006-2753
2006-06-01 00:00:00
slackware
slackware
[slackware-security] mysql
2006-06-05 08:12:48
centos
centos
mysql security update
2006-06-09 17:37:00
redhat
redhat
(RHSA-2006:0544) mysql security update
2006-06-09 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.5%

JSON
Related for GLSA-200606-13
nessus11securityvulns1ubuntu2openvas8cve1debian1prion1ubuntucve1slackware1centos1redhat1