SUSE-SA:2006:036: mysql

This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2006:036 (mysql).


The database server MySQL was updated to fix the following security problems:

- Attackers could read portions of memory by using a user name with
trailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516,
CVE-2006-1517).

- Attackers could potentially execute arbitrary code by causing a
buffer overflow via specially crafted COM_TABLE_DUMP packets
(CVE-2006-1518).

The mysql server package was released on May 30th already, the
mysql-Max server package was released on June 20th after additional
bugfixes.

Solution :

http://www.novell.com/linux/security/advisories/2006_36_mysql.html

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 24416 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now