FreeBSD : MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities (4913886c-e875-11da-b9f4-00123ffe8333)

Medium Nessus Plugin ID 21633


The remote FreeBSD host is missing one or more security-related updates.


Secunia reports :

MySQL have some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.

1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP packet can be exploited by an authenticated client to disclosure certain memory content of the server process.

2) A boundary error within the handling of specially crafted invalid COM_TABLE_DUMP packets can be exploited by an authenticated client to cause a buffer overflow and allows arbitrary code execution.

3) An error within the handling of malformed login packets can be exploited to disclosure certain memory content of the server process in the error messages.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 21633

File Name: freebsd_pkg_4913886ce87511dab9f400123ffe8333.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2006/06/05

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mysql-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2006/06/01

Vulnerability Publication Date: 2006/05/02

Reference Information

CVE: CVE-2006-1516, CVE-2006-1517, CVE-2006-1518

CERT: 602457

Secunia: 19929