PT-2006-1947 · Mysql Server+1 · Mysql Server+1

4Yka

Published

2006-02-27

Updated

2024-06-15

CVE-2006-0903

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MySQL versions 5.0.18 and earlier

Description The issue allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. This is due to improper handling by the mysql real query function. It is noted that this issue was originally reported for the mysql query function, but the vendor states that since mysql query expects a null character, this is not an issue for mysql query.

Recommendations For MySQL versions 5.0.18 and earlier, consider updating to a newer version to mitigate the risk, as the mysql real query function's improper handling of NULL characters in SQL queries can be exploited to bypass logging mechanisms. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0903

DSA-1071-1

DSA-1073-1

DSA-1079-1

OPENSUSE-SU-2024:11038-1

RHSA-2006:0544

RHSA-2006_0544

RHSA-2007:0083

RHSA-2008:0364

RHSA-2008_0364

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

Affected Products

Mysql Server

Red Hat

PT-2006-1947 · Mysql Server+1 · Mysql Server+1

CVE-2006-0903

Related Identifiers

Affected Products

References · 475