Vulnerability Description
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mysql | Mysql | 4.1.0 |
| Oracle | Mysql | 4.0.0 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939 (Patch)
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html (Patch)
- http://docs.info.apple.com/article.html?artnum=305214
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html
- http://secunia.com/advisories/19929 (Patch, Vendor Advisory)
- http://secunia.com/advisories/20002
- http://secunia.com/advisories/20073
- http://secunia.com/advisories/20076
- http://secunia.com/advisories/20223
- http://secunia.com/advisories/20241
- http://secunia.com/advisories/20253
- http://secunia.com/advisories/20333
- http://secunia.com/advisories/20424
- http://secunia.com/advisories/20457
FAQ
What is CVE-2006-1517?
CVE-2006-1517 is a vulnerability with a CVSS score of 5.0 (MEDIUM). sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet lengt...
How severe is CVE-2006-1517?
CVE-2006-1517 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-1517?
Check the references section above for vendor advisories and patch information. Affected products include: Mysql Mysql, Oracle Mysql.