SUSE-SA:2006:036: mysql

high Nessus Plugin ID 24416

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

The remote host is missing the patch for the advisory SUSE-SA:2006:036 (mysql).


The database server MySQL was updated to fix the following security problems:

- Attackers could read portions of memory by using a user name with a trailing null byte or via the COM_TABLE_DUMP command (CVE-2006-1516, CVE-2006-1517).

- Attackers could potentially execute arbitrary code by causing a buffer overflow via specially crafted COM_TABLE_DUMP packets (CVE-2006-1518).

The mysql server package was already released on May 30th; the mysql-Max server package was released on June 20th after additional bugfixes.

Solution

http://www.novell.com/linux/security/advisories/2006_36_mysql.html

Plugin Details

Severity: High

ID: 24416

File Name: suse_SA_2006_036.nasl

Version: 1.10

Agent: unix

Published: 2/18/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list