High Nessus Plugin ID 24416
Synopsis
The remote host is missing a vendor-supplied security patch.
Description
The remote host is missing the patch for the advisory SUSE-SA:2006:036 (mysql).
The database server MySQL was updated to fix the following security problems:
- Attackers could read portions of memory by using a user name with a trailing null byte or via the COM_TABLE_DUMP command (CVE-2006-1516, CVE-2006-1517).
- Attackers could potentially execute arbitrary code by causing a buffer overflow via specially crafted COM_TABLE_DUMP packets (CVE-2006-1518).
The mysql server package was already released on May 30th; the mysql-Max server package was released on June 20th after additional bug fixes.