National Cyber Awareness System

Vulnerability Summary for CVE-2006-1516

Overview

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

Impact

CVSS Severity (version 2.0 upgrade from v1.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA07-072A

Name: TA07-072A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA07-072A.html

External Source: MISC

Name: http://www.wisec.it/vulns.php?page=7

Type: Patch Information

Hyperlink:http://www.wisec.it/vulns.php?page=7

External Source: SECTRACK

Name: 1016017

Type: Patch Information

Hyperlink:http://securitytracker.com/id?1016017

External Source: SECUNIA

Name: 19929

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/19929

External Source: CONFIRM

Name: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html

Type: Patch Information

Hyperlink:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html

External Source: VUPEN

Name: ADV-2008-1326

Hyperlink:http://www.vupen.com/english/advisories/2008/1326/references

External Source: VUPEN

Name: ADV-2007-0930

Hyperlink:http://www.vupen.com/english/advisories/2007/0930

External Source: VUPEN

Name: ADV-2006-1633

Hyperlink:http://www.vupen.com/english/advisories/2006/1633

External Source: BUGTRAQ

Name: 20060502 MySQL Anonymous Login Handshake - Information Leakage.

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/432733/100/0/threaded

External Source: OVAL

Name: oval:org.mitre.oval:def:9918

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9918

External Source: CONFIRM

Name: http://bugs.debian.org/365938

Hyperlink:http://bugs.debian.org/365938

External Source: XF

Name: mysql-login-packet-info-disclosure(26236)

Hyperlink:http://xforce.iss.net/xforce/xfdb/26236

External Source: UBUNTU

Name: USN-283-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-283-1

External Source: TRUSTIX

Name: 2006-0028

Hyperlink:http://www.trustix.org/errata/2006/0028

External Source: BID

Name: 17780

Hyperlink:http://www.securityfocus.com/bid/17780

External Source: BUGTRAQ

Name: 20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/434164/100/0/threaded

External Source: REDHAT

Name: RHSA-2006:0544

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0544.html

External Source: SUSE

Name: SUSE-SR:2006:012

Hyperlink:http://www.novell.com/linux/security/advisories/2006-06-02.html

External Source: MANDRIVA

Name: MDKSA-2006:084

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:084

External Source: GENTOO

Name: GLSA-200605-13

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml

External Source: DEBIAN

Name: DSA-1079

Hyperlink:http://www.debian.org/security/2006/dsa-1079

External Source: DEBIAN

Name: DSA-1073

Hyperlink:http://www.debian.org/security/2006/dsa-1073

External Source: DEBIAN

Name: DSA-1071

Hyperlink:http://www.debian.org/security/2006/dsa-1071

External Source: SUNALERT

Name: 236703

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1

External Source: SLACKWARE

Name: SSA:2006-155-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377

External Source: SREASON

Name: 840

Hyperlink:http://securityreason.com/securityalert/840

External Source: SECUNIA

Name: 29847

Hyperlink:http://secunia.com/advisories/29847

External Source: SECUNIA

Name: 24479

Hyperlink:http://secunia.com/advisories/24479

External Source: SECUNIA

Name: 20762

Hyperlink:http://secunia.com/advisories/20762

External Source: SECUNIA

Name: 20625

Hyperlink:http://secunia.com/advisories/20625

External Source: SECUNIA

Name: 20457

Hyperlink:http://secunia.com/advisories/20457

External Source: SECUNIA

Name: 20424

Hyperlink:http://secunia.com/advisories/20424

External Source: SECUNIA

Name: 20333

Hyperlink:http://secunia.com/advisories/20333

External Source: SECUNIA

Name: 20253

Hyperlink:http://secunia.com/advisories/20253

External Source: SECUNIA

Name: 20241

Hyperlink:http://secunia.com/advisories/20241

External Source: SECUNIA

Name: 20223

Hyperlink:http://secunia.com/advisories/20223

External Source: SECUNIA

Name: 20076

Hyperlink:http://secunia.com/advisories/20076

External Source: SECUNIA

Name: 20073

Hyperlink:http://secunia.com/advisories/20073

External Source: SECUNIA

Name: 20002

Hyperlink:http://secunia.com/advisories/20002

External Source: SUSE

Name: SUSE-SA:2006:036

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html

External Source: APPLE

Name: APPLE-SA-2007-03-13

Hyperlink:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=305214

Hyperlink:http://docs.info.apple.com/article.html?artnum=305214

References to Check Content

Identifier:oval:org.mitre.oval:def:9918

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9918