Vulnerability Description
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MySQL | MySQL | 4.1.0 |
| Oracle | MySQL | 4.0.0 |
References
- http://bugs.debian.org/365938
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html (Patch)
- http://docs.info.apple.com/article.html?artnum=305214
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html
- http://secunia.com/advisories/19929 (Patch, Vendor Advisory)
- http://secunia.com/advisories/20002
- http://secunia.com/advisories/20073
- http://secunia.com/advisories/20076
- http://secunia.com/advisories/20223
- http://secunia.com/advisories/20241
- http://secunia.com/advisories/20253
- http://secunia.com/advisories/20333
- http://secunia.com/advisories/20424
- http://secunia.com/advisories/20457
FAQ
What is CVE-2006-1516?
CVE-2006-1516 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a traili...
How severe is CVE-2006-1516?
CVE-2006-1516 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-1516?
Check the references section above for vendor advisories and patch information. Affected products include: MySQL MySQL, Oracle MySQL.