Detections
Analytics

Mandrake Linux Security Advisory : MySQL (MDKSA-2006:084)

medium Nessus Plugin ID 21359

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. (CVE-2006-1516)

sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
(CVE-2006-1517)

Updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 21359

File Name: mandrake_MDKSA-2006-084.nasl

Version: 1.16

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mysql, p-cpe:/a:mandriva:linux:mysql-max, p-cpe:/a:mandriva:linux:mysql-ndb, p-cpe:/a:mandriva:linux:mysql-bench, p-cpe:/a:mandriva:linux:mysql-client, p-cpe:/a:mandriva:linux:mysql-common, p-cpe:/a:mandriva:linux:x11r6-contrib, p-cpe:/a:mandriva:linux:lib64mysql14, p-cpe:/a:mandriva:linux:lib64mysql14-devel, p-cpe:/a:mandriva:linux:libmysql14, p-cpe:/a:mandriva:linux:libmysql14-devel, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 5/10/2006

Reference Information

CVE: CVE-2006-1516, CVE-2006-1517

MDKSA: 2006:084