Vulnerabilities > CVE-2006-4380 - Denial Of Service vulnerability in Mysql 4.1.13

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
local
low complexity
mysql
nessus

Summary

MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.

Vulnerable Configurations

Part Description Count
Application
Mysql
1

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0544.NASL
    descriptionUpdated mysql packages that fix multiple security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands. (CVE-2006-2753) An information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516) An information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517) A log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903) This update also fixes numerous non-security-related flaws, such as intermittent authentication failures. All users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21683
    published2006-06-11
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21683
    titleRHEL 4 : mysql (RHSA-2006:0544)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0544. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21683);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4380");
      script_bugtraq_id(17780);
      script_xref(name:"RHSA", value:"2006:0544");
    
      script_name(english:"RHEL 4 : mysql (RHSA-2006:0544)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mysql packages that fix multiple security flaws are now
    available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
    client/server implementation consisting of a server daemon (mysqld)
    and many different client programs and libraries.
    
    A flaw was found in the way the MySQL mysql_real_escape() function
    escaped strings when operating in a multibyte character encoding. An
    attacker could provide an application a carefully crafted string
    containing invalidly-encoded characters which may be improperly
    escaped, leading to the injection of malicious SQL commands.
    (CVE-2006-2753)
    
    An information disclosure flaw was found in the way the MySQL server
    processed malformed usernames. An attacker could view a small portion
    of server memory by supplying an anonymous login username which was
    not null terminated. (CVE-2006-1516)
    
    An information disclosure flaw was found in the way the MySQL server
    executed the COM_TABLE_DUMP command. An authenticated malicious user
    could send a specially crafted packet to the MySQL server which
    returned random unallocated memory. (CVE-2006-1517)
    
    A log file obfuscation flaw was found in the way the
    mysql_real_query() function creates log file entries. An attacker with
    the the ability to call the mysql_real_query() function against a
    mysql server can obfuscate the entry the server will write to the log
    file. However, an attacker needed to have complete control over a
    server in order to attempt this attack. (CVE-2006-0903)
    
    This update also fixes numerous non-security-related flaws, such as
    intermittent authentication failures.
    
    All users of mysql are advised to upgrade to these updated packages
    containing MySQL version 4.1.20, which is not vulnerable to these
    issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1517"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2753"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3081"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4380"
      );
      # http://lists.mysql.com/announce/364
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.mysql.com/announce/364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0544"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0544";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"mysql-4.1.20-1.RHEL4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mysql-bench-4.1.20-1.RHEL4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mysql-devel-4.1.20-1.RHEL4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mysql-server-4.1.20-1.RHEL4.1")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-server");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0544.NASL
    descriptionUpdated mysql packages that fix multiple security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands. (CVE-2006-2753) An information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516) An information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517) A log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903) This update also fixes numerous non-security-related flaws, such as intermittent authentication failures. All users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id22000
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22000
    titleCentOS 4 : mysql (CESA-2006:0544)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0544 and 
    # CentOS Errata and Security Advisory 2006:0544 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22000);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4380");
      script_bugtraq_id(17780);
      script_xref(name:"RHSA", value:"2006:0544");
    
      script_name(english:"CentOS 4 : mysql (CESA-2006:0544)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mysql packages that fix multiple security flaws are now
    available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
    client/server implementation consisting of a server daemon (mysqld)
    and many different client programs and libraries.
    
    A flaw was found in the way the MySQL mysql_real_escape() function
    escaped strings when operating in a multibyte character encoding. An
    attacker could provide an application a carefully crafted string
    containing invalidly-encoded characters which may be improperly
    escaped, leading to the injection of malicious SQL commands.
    (CVE-2006-2753)
    
    An information disclosure flaw was found in the way the MySQL server
    processed malformed usernames. An attacker could view a small portion
    of server memory by supplying an anonymous login username which was
    not null terminated. (CVE-2006-1516)
    
    An information disclosure flaw was found in the way the MySQL server
    executed the COM_TABLE_DUMP command. An authenticated malicious user
    could send a specially crafted packet to the MySQL server which
    returned random unallocated memory. (CVE-2006-1517)
    
    A log file obfuscation flaw was found in the way the
    mysql_real_query() function creates log file entries. An attacker with
    the the ability to call the mysql_real_query() function against a
    mysql server can obfuscate the entry the server will write to the log
    file. However, an attacker needed to have complete control over a
    server in order to attempt this attack. (CVE-2006-0903)
    
    This update also fixes numerous non-security-related flaws, such as
    intermittent authentication failures.
    
    All users of mysql are advised to upgrade to these updated packages
    containing MySQL version 4.1.20, which is not vulnerable to these
    issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-June/012951.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8862ac3b"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-June/012952.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?778eb708"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-June/012960.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?153a36e4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mysql packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"mysql-4.1.20-1.RHEL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mysql-bench-4.1.20-1.RHEL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mysql-devel-4.1.20-1.RHEL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mysql-server-4.1.20-1.RHEL4.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-server");
    }
    
  • NASL familyDatabases
    NASL idMYSQL_4_1_13.NASL
    descriptionThe version of MySQL installed on the remote host is older than 4.1.13. On these versions, a local attacker could crash the replication slave via a specific query.
    last seen2020-06-01
    modified2020-06-02
    plugin id17825
    published2012-01-18
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17825
    titleMySQL < 4.1.13 Denial of Service
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17825);
      script_version("1.5");
      script_cvs_date("Date: 2018/11/15 20:50:21");
    
      script_cve_id("CVE-2006-4380");
      script_bugtraq_id(19794);
    
      script_name(english:"MySQL < 4.1.13 Denial of Service");
      script_summary(english:"Checks version of MySQL server");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is vulnerable to a denial of service
    attack.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL installed on the remote host is older than
    4.1.13.  On these versions, a local attacker could crash the
    replication slave via a specific query.");
      script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=10442");
      script_set_attribute(attribute:"see_also", value:"https://lists.mysql.com/internals/26123");
      script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 4.1.13 or later.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    
    include("mysql_version.inc");
    
    mysql_check_version(fixed:'4.1.13', severity:SECURITY_NOTE);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1169.NASL
    descriptionSeveral local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4226 Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to. - CVE-2006-4380 Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication.
    last seen2020-06-01
    modified2020-06-02
    plugin id22711
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22711
    titleDebian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1169. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22711);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2006-4226", "CVE-2006-4380");
      script_bugtraq_id(19559);
      script_xref(name:"DSA", value:"1169");
    
      script_name(english:"Debian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several local vulnerabilities have been discovered in the MySQL
    database server. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2006-4226
        Michal Prokopiuk discovered that remote authenticated
        users are permitted to create and access a database if
        the lowercase spelling is the same as one they have been
        granted access to.
    
      - CVE-2006-4380
        Beat Vontobel discovered that certain queries replicated
        to a slave could crash the client and thus terminate the
        replication."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4380"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1169"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the mysql-server-4.1 package.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 4.1.11a-4sarge7. Version 4.0 is not affected by these
    problems."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"libmysqlclient14", reference:"4.1.11a-4sarge7")) flag++;
    if (deb_check(release:"3.1", prefix:"libmysqlclient14-dev", reference:"4.1.11a-4sarge7")) flag++;
    if (deb_check(release:"3.1", prefix:"mysql-client-4.1", reference:"4.1.11a-4sarge7")) flag++;
    if (deb_check(release:"3.1", prefix:"mysql-common-4.1", reference:"4.1.11a-4sarge7")) flag++;
    if (deb_check(release:"3.1", prefix:"mysql-server-4.1", reference:"4.1.11a-4sarge7")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-158.NASL
    descriptionMySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. (CVE-2006-4380) There is a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This impacted the restart behavior during updates, as well as scripted setups that temporarily stopped the server to backup the database files. (Bug #15724) The Corporate 3 and MNF2 products are not affected by these issues. Packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id23902
    published2006-12-16
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23902
    titleMandrake Linux Security Advisory : MySQL (MDKSA-2006:158)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:158. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(23902);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2006-4380");
      script_xref(name:"MDKSA", value:"2006:158");
    
      script_name(english:"Mandrake Linux Security Advisory : MySQL (MDKSA-2006:158)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "MySQL before 4.1.13 allows local users to cause a denial of service
    (persistent replication slave crash) via a query with multiupdate and
    subselects. (CVE-2006-4380)
    
    There is a bug in the MySQL-Max (and MySQL) init script where the
    script was not waiting for the mysqld daemon to fully stop. This
    impacted the restart behavior during updates, as well as scripted
    setups that temporarily stopped the server to backup the database
    files. (Bug #15724)
    
    The Corporate 3 and MNF2 products are not affected by these issues.
    
    Packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-Max");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-NDB");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:MySQL-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql14");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql14-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql14");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql14-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"MySQL-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"MySQL-Max-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"MySQL-NDB-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"MySQL-bench-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"MySQL-client-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"MySQL-common-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64mysql14-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64mysql14-devel-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libmysql14-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libmysql14-devel-4.1.12-4.8.20060mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

accepted2013-04-29T04:07:44.491-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionMySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
familyunix
idoval:org.mitre.oval:def:10686
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
version26

Redhat

advisories
bugzilla
id193827
titleCVE-2006-2753 MySQL improper multibyte string escaping
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentmysql-server is earlier than 0:4.1.20-1.RHEL4.1
          ovaloval:com.redhat.rhsa:tst:20060544001
        • commentmysql-server is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060544002
      • AND
        • commentmysql is earlier than 0:4.1.20-1.RHEL4.1
          ovaloval:com.redhat.rhsa:tst:20060544003
        • commentmysql is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060544004
      • AND
        • commentmysql-devel is earlier than 0:4.1.20-1.RHEL4.1
          ovaloval:com.redhat.rhsa:tst:20060544005
        • commentmysql-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060544006
      • AND
        • commentmysql-bench is earlier than 0:4.1.20-1.RHEL4.1
          ovaloval:com.redhat.rhsa:tst:20060544007
        • commentmysql-bench is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060544008
rhsa
idRHSA-2006:0544
released2006-07-19
severityImportant
titleRHSA-2006:0544: mysql security update (Important)
rpms
  • mysql-0:4.1.20-1.RHEL4.1
  • mysql-bench-0:4.1.20-1.RHEL4.1
  • mysql-debuginfo-0:4.1.20-1.RHEL4.1
  • mysql-devel-0:4.1.20-1.RHEL4.1
  • mysql-server-0:4.1.20-1.RHEL4.1