User: Password:
Subscribe / Log in / New account

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Red Hat RHSA-2008:0364-01 mysql 2008-05-21
Ubuntu USN-274-2 mysql-dfsg 2006-05-15
Ubuntu USN-274-1 mysql-dfsg 2006-04-27
Mandriva MDKSA-2006:064 MySQL 2006-04-03

(Log in to post comments)

MySQL: logging bypass

Posted Apr 6, 2006 1:58 UTC (Thu) by chip (subscriber, #8258) [Link]

There's no such thing as a "NULL" character. The character with code zero is named "NUL" (one L).

null character

Posted May 4, 2006 14:40 UTC (Thu) by robbe (subscriber, #16131) [Link]

No, the character is called "NULL", the three letter abbreviation is "NUL". See ECMA-048 or a similar standard.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds