Vulnerability Name:
CVE-2006-1518 (CCN-26232)
Assigned:
2006-05-03
Published:
2006-05-03
Updated:
2019-12-17
Summary:
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
CVSS v3 Severity:
5.5 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
Required
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
6.5 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
6.5 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Privileges
References:
Source: CCN
Type: BugTraq Mailing List, Tue May 02 2006 - 08:40:57 CDT
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution.
Source: CONFIRM
Type: Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939
Source: MITRE
Type: CNA
CVE-2006-1518
Source: CONFIRM
Type: Patch
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:036
Source: CCN
Type: SA19929
MySQL Information Disclosure and Buffer Overflow Vulnerabilities
Source: SECUNIA
Type: Patch, Vendor Advisory
19929
Source: SECUNIA
Type: UNKNOWN
20241
Source: SECUNIA
Type: UNKNOWN
20253
Source: SECUNIA
Type: UNKNOWN
20333
Source: SECUNIA
Type: UNKNOWN
20457
Source: SECUNIA
Type: UNKNOWN
20762
Source: SREASON
Type: UNKNOWN
839
Source: CCN
Type: SECTRACK ID: 1016016
MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
Source: SECTRACK
Type: Patch
1016016
Source: DEBIAN
Type: UNKNOWN
DSA-1071
Source: DEBIAN
Type: UNKNOWN
DSA-1073
Source: DEBIAN
Type: UNKNOWN
DSA-1079
Source: DEBIAN
Type: DSA-1071
mysql -- several vulnerabilities
Source: DEBIAN
Type: DSA-1073
mysql-dfsg-4.1 -- several vulnerabilities
Source: DEBIAN
Type: DSA-1079
mysql-dfsg -- several vulnerabilities
Source: CCN
Type: US-CERT VU#602457
MySQL fails to properly validate COM_TABLE_DUMP packets
Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#602457
Source: CCN
Type: MySQL Web site
MySQL AB :: The world's most popular open source database
Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:012
Source: CCN
Type: OSVDB ID: 25227
MySQL COM_TABLE_DUMP Packet Overflow
Source: BUGTRAQ
Type: UNKNOWN
20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution.
Source: BID
Type: UNKNOWN
17780
Source: CCN
Type: BID-17780
MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
Source: VUPEN
Type: UNKNOWN
ADV-2006-1633
Source: MISC
Type: Patch
http://www.wisec.it/vulns.php?page=8
Source: XF
Type: UNKNOWN
mysql-comtabledump-bo(26232)
Source: XF
Type: UNKNOWN
mysql-comtabledump-bo(26232)
Source: SUSE
Type: SUSE-SA:2006:036
mysql remote code execution
Source: SUSE
Type: SUSE-SR:2006:012
SUSE Security Summary Report
Vulnerable Configuration:
Configuration 1
:
cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
AND
cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
OR
cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
OR
cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
OR
cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
OR
cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
OR
cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
OR
cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
OR
cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.opensuse.security:def:20061518
V
CVE-2006-1518
2015-11-16
oval:org.debian:def:1079
V
several vulnerabilities
2006-05-29
oval:org.debian:def:1071
V
several vulnerabilities
2006-05-22
oval:org.debian:def:1073
V
several vulnerabilities
2006-05-22
BACK
mysql
mysql 5.0.1
mysql
mysql 5.0.2
mysql
mysql 5.0.3
mysql
mysql 5.0.4
mysql
mysql 5.0.5
mysql
mysql 5.0.10
mysql
mysql 5.0.15
mysql
mysql 5.0.16
mysql
mysql 5.0.17
mysql
mysql 5.0.20
oracle
mysql 5.0.0 alpha
oracle
mysql 5.0.3 beta
oracle
mysql 5.0.6
oracle
mysql 5.0.7
oracle
mysql 5.0.8
oracle
mysql 5.0.9
oracle
mysql 5.0.11
oracle
mysql 5.0.12
oracle
mysql 5.0.13
oracle
mysql 5.0.14
oracle
mysql 5.0.18
oracle
mysql 5.0.19
mysql
mysql 5.0
mysql
mysql 5.0.18
mysql
mysql 5.0.0.0
mysql
mysql 5.0.0 alpha
mysql
mysql 5.0.1
mysql
mysql 5.0.10
mysql
mysql 5.0.11
mysql
mysql 5.0.12
mysql
mysql 5.0.13
mysql
mysql 5.0.14
mysql
mysql 5.0.15
mysql
mysql 5.0.16
mysql
mysql 5.0.17
mysql
mysql 5.0.19
mysql
mysql 5.0.2
mysql
mysql 5.0.3
mysql
mysql 5.0.3 beta
mysql
mysql 5.0.4
mysql
mysql 5.0.5
mysql
mysql 5.0.6
mysql
mysql 5.0.7
mysql
mysql 5.0.8
mysql
mysql 5.0.9
debian
debian linux 3.0
suse
linux enterprise server 8
suse
suse linux 9.1
suse
suse linux 9.2
debian
debian linux 3.1
suse
suse linux 10.0
suse
suse linux 10.1
suse
suse linux 9.3
Denotes that component is vulnerable