Check Point Advisories

Preemptive Protection against MySQL sql_parse Information Disclosure Vulnerabilities

Check Point Reference: CPAI-2006-066
Date Published: 18 Jun 2006
Severity: Medium
Last Updated: Tuesday 15 May, 2007
Source: FrSIRT/ADV-2006-1633
Industry Reference:CVE-2006-1516
Protection Provided by:
Who is Vulnerable? MySQL version 4.0.26 and prior
MySQL version 4.1.18 and prior
MySQL version 5.0.20 and prior
MySQL version 5.1.9 and prior
Vulnerability Description An input validation flaw has been identified in several versions of MySQL, which could be exploited by attackers to compromise a vulnerable system or gain knowledge of sensitive information.
Update/Patch AvaliableUpgrade to MySQL version 5.0.21 :
http://dev.mysql.com/downloads/
Vulnerability DetailsThe vulnerability is due to an input validation error in the "sql_parse.cc" script that fails to handle malformed login packets. This could also be exploited by attackers to disclose portions of the memory in error messages.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK