SUSE-SA:2006:036: mysql

High Nessus Plugin ID 24416


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2006:036 (mysql).

The database server MySQL was updated to fix the following security problems:

- Attackers could read portions of memory by using a user name with a trailing null byte or via the COM_TABLE_DUMP command (CVE-2006-1516, CVE-2006-1517).

- Attackers could potentially execute arbitrary code by causing a buffer overflow via specially crafted COM_TABLE_DUMP packets (CVE-2006-1518).

The mysql server package was already released on May 30th; the mysql-Max server package was released on June 20th after additional bugfixes.


Plugin Details

Severity: High

ID: 24416

File Name: suse_SA_2006_036.nasl

Version: $Revision: 1.5 $

Agent: unix

Published: 2007/02/18

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list