| Vulnerability Name: | CVE-2006-1518 (CCN-26232) |
| Assigned: | 2006-05-03 |
| Published: | 2006-05-03 |
| Updated: | 2019-12-17 |
| Summary: | Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
|
| CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low |
|
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Gain Privileges |
| References: | Source: CCN
Type: BugTraq Mailing List, Tue May 02 2006 - 08:40:57 CDT
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution.
Source: CONFIRM
Type: Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939
Source: MITRE
Type: CNA
CVE-2006-1518
Source: CONFIRM
Type: Patch
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:036
Source: CCN
Type: SA19929
MySQL Information Disclosure and Buffer Overflow Vulnerabilities
Source: SECUNIA
Type: Patch, Vendor Advisory
19929
Source: SECUNIA
Type: UNKNOWN
20241
Source: SECUNIA
Type: UNKNOWN
20253
Source: SECUNIA
Type: UNKNOWN
20333
Source: SECUNIA
Type: UNKNOWN
20457
Source: SECUNIA
Type: UNKNOWN
20762
Source: SREASON
Type: UNKNOWN
839
Source: CCN
Type: SECTRACK ID: 1016016
MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
Source: SECTRACK
Type: Patch
1016016
Source: DEBIAN
Type: UNKNOWN
DSA-1071
Source: DEBIAN
Type: UNKNOWN
DSA-1073
Source: DEBIAN
Type: UNKNOWN
DSA-1079
Source: DEBIAN
Type: DSA-1071
mysql -- several vulnerabilities
Source: DEBIAN
Type: DSA-1073
mysql-dfsg-4.1 -- several vulnerabilities
Source: DEBIAN
Type: DSA-1079
mysql-dfsg -- several vulnerabilities
Source: CCN
Type: US-CERT VU#602457
MySQL fails to properly validate COM_TABLE_DUMP packets
Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#602457
Source: CCN
Type: MySQL Web site
MySQL AB :: The world's most popular open source database
Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:012
Source: CCN
Type: OSVDB ID: 25227
MySQL COM_TABLE_DUMP Packet Overflow
Source: BUGTRAQ
Type: UNKNOWN
20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution.
Source: BID
Type: UNKNOWN
17780
Source: CCN
Type: BID-17780
MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
Source: VUPEN
Type: UNKNOWN
ADV-2006-1633
Source: MISC
Type: Patch
http://www.wisec.it/vulns.php?page=8
Source: XF
Type: UNKNOWN
mysql-comtabledump-bo(26232)
Source: XF
Type: UNKNOWN
mysql-comtabledump-bo(26232)
Source: SUSE
Type: SUSE-SA:2006:036
mysql remote code execution
Source: SUSE
Type: SUSE-SR:2006:012
SUSE Security Summary Report
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*OR cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*AND cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |