LWN.net

mysql: information leaks

Package(s): mysql mysql-dfsg
CVE #(s): CVE-2006-1516 CVE-2006-1517
Created: May 8, 2006
Updated: June 23, 2006
Description: Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. (CVE-2006-1516)

Stefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request. (CVE-2006-1517)

Alerts:
SuSE SUSE-SA:2006:036 2006-06-23
Debian DSA-1079-1 2006-05-29
Debian DSA-1073-1 2006-05-22
Debian DSA-1071-1 2006-05-22
Fedora FEDORA-2006-553 2006-05-17
Fedora FEDORA-2006-554 2006-05-17
Gentoo 200605-13 2006-05-11
Slackware SSA:2006-129-02 2006-05-10
Mandriva MDKSA-2006:084 2006-05-10
Ubuntu USN-283-1 2006-05-08


mysql: information leaks

Posted Jun 29, 2006 9:27 UTC (Thu) by mjcox@redhat.com (subscriber, #31775)

These were fixed in Red Hat Enterprise Linux 4, RHSA-2006:0544 on June 9. These issues did not affect the version of MySQL shipped with Enterprise Linux 2.1 or 3.
