CVE - CVE-2006-0903

CVE-ID
CVE-2006-0903	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1015693 URL:http://securitytracker.com/id?1015693 MISC:16850 URL:http://www.securityfocus.com/bid/16850 MISC:19034 URL:http://secunia.com/advisories/19034 MISC:19502 URL:http://secunia.com/advisories/19502 MISC:19814 URL:http://secunia.com/advisories/19814 MISC:20060225 mysql <= 5.0.18 URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html MISC:20241 URL:http://secunia.com/advisories/20241 MISC:20253 URL:http://secunia.com/advisories/20253 MISC:20333 URL:http://secunia.com/advisories/20333 MISC:20625 URL:http://secunia.com/advisories/20625 MISC:30351 URL:http://secunia.com/advisories/30351 MISC:ADV-2006-0752 URL:~~http://www.vupen.com/english/advisories/2006/0752~~ (Obsolete source) MISC:DSA-1071 URL:http://www.debian.org/security/2006/dsa-1071 MISC:DSA-1073 URL:http://www.debian.org/security/2006/dsa-1073 MISC:DSA-1079 URL:http://www.debian.org/security/2006/dsa-1079 MISC:MDKSA-2006:064 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:064~~ (Obsolete source) MISC:RHSA-2006:0544 URL:http://www.redhat.com/support/errata/RHSA-2006-0544.html MISC:RHSA-2007:0083 URL:http://www.redhat.com/support/errata/RHSA-2007-0083.html MISC:RHSA-2008:0364 URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html MISC:USN-274-1 URL:https://usn.ubuntu.com/274-1/ MISC:USN-274-2 URL:http://www.ubuntu.com/usn/usn-274-2 MISC:http://bugs.mysql.com/bug.php?id=17667 URL:http://bugs.mysql.com/bug.php?id=17667 MISC:http://rst.void.ru/papers/advisory39.txt URL:http://rst.void.ru/papers/advisory39.txt MISC:mysql-query-log-bypass-security(24966) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24966 MISC:oval:org.mitre.oval:def:9915 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9915
Assigning CNA
Red Hat, Inc.
Date Record Created
20060227	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060227)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.