CVE - CVE-2006-1517

CVE-ID
CVE-2006-1517	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2007-03-13 URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BID:17780 URL:http://www.securityfocus.com/bid/17780 BUGTRAQ:20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution. URL:http://www.securityfocus.com/archive/1/432734/100/0/threaded BUGTRAQ:20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage URL:http://www.securityfocus.com/archive/1/434164/100/0/threaded CERT:TA07-072A URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939 CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 DEBIAN:DSA-1071 URL:http://www.debian.org/security/2006/dsa-1071 DEBIAN:DSA-1073 URL:http://www.debian.org/security/2006/dsa-1073 DEBIAN:DSA-1079 URL:http://www.debian.org/security/2006/dsa-1079 GENTOO:GLSA-200605-13 URL:http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml MANDRIVA:MDKSA-2006:084 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:084~~ (Obsolete source) MISC:http://www.wisec.it/vulns.php?page=8 OSVDB:25228 URL:~~http://www.osvdb.org/25228~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11036 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11036 REDHAT:RHSA-2006:0544 URL:http://www.redhat.com/support/errata/RHSA-2006-0544.html SECTRACK:1016016 URL:http://securitytracker.com/id?1016016 SECUNIA:19929 URL:http://secunia.com/advisories/19929 SECUNIA:20002 URL:http://secunia.com/advisories/20002 SECUNIA:20073 URL:http://secunia.com/advisories/20073 SECUNIA:20076 URL:http://secunia.com/advisories/20076 SECUNIA:20223 URL:http://secunia.com/advisories/20223 SECUNIA:20241 URL:http://secunia.com/advisories/20241 SECUNIA:20253 URL:http://secunia.com/advisories/20253 SECUNIA:20333 URL:http://secunia.com/advisories/20333 SECUNIA:20424 URL:http://secunia.com/advisories/20424 SECUNIA:20457 URL:http://secunia.com/advisories/20457 SECUNIA:20625 URL:http://secunia.com/advisories/20625 SECUNIA:20762 URL:http://secunia.com/advisories/20762 SECUNIA:24479 URL:http://secunia.com/advisories/24479 SECUNIA:29847 URL:http://secunia.com/advisories/29847 SLACKWARE:SSA:2006-155-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377 SREASON:839 URL:http://securityreason.com/securityalert/839 SUNALERT:236703 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1~~ (Obsolete source) SUSE:SUSE-SA:2006:036 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html SUSE:SUSE-SR:2006:012 URL:http://www.novell.com/linux/security/advisories/2006-06-02.html TRUSTIX:2006-0028 URL:~~http://www.trustix.org/errata/2006/0028~~ (Obsolete source - check if archived by the Wayback Machine) UBUNTU:USN-283-1 URL:https://usn.ubuntu.com/283-1/ VUPEN:ADV-2006-1633 URL:~~http://www.vupen.com/english/advisories/2006/1633~~ (Obsolete source) VUPEN:ADV-2007-0930 URL:~~http://www.vupen.com/english/advisories/2007/0930~~ (Obsolete source) VUPEN:ADV-2008-1326 URL:~~http://www.vupen.com/english/advisories/2008/1326/references~~ (Obsolete source) XF:mysql-sqlparcecc-information-disclosure(26228) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26228
Assigning CNA
Debian GNU/Linux
Date Record Created
20060330	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060330)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)