Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2006-1516

Published: 05/05/2006 Updated: 17/12/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Oracle

Vulnerability Summary

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote malicious users to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

Vulnerable Product Search on Vulmon Subscribe to Product

oracle mysql 4.0.1

oracle mysql 4.0.10

oracle mysql 4.0.16

oracle mysql 4.0.17

oracle mysql 4.0.24

oracle mysql 4.0.25

oracle mysql 4.0.7

oracle mysql 4.0.8

mysql mysql 4.1.10

oracle mysql 4.1.17

oracle mysql 4.1.18

oracle mysql 4.1.2

mysql mysql 4.1.8

oracle mysql 4.1.9

oracle mysql 5.0.12

oracle mysql 5.0.13

mysql mysql 5.0.3

oracle mysql 5.0.3

mysql mysql 5.0.4

oracle mysql 4.0.0

oracle mysql 4.0.14

oracle mysql 4.0.15

oracle mysql 4.0.21

oracle mysql 4.0.23

oracle mysql 4.0.6

mysql mysql 4.1.0

oracle mysql 4.1.0

mysql mysql 4.1.15

oracle mysql 4.1.16

oracle mysql 4.1.6

oracle mysql 4.1.7

mysql mysql 5.0.10

oracle mysql 5.0.11

oracle mysql 5.0.18

mysql mysql 5.0.2

oracle mysql 5.0.9

oracle mysql 4.0.11

oracle mysql 4.0.18

oracle mysql 4.0.19

oracle mysql 4.0.26

oracle mysql 4.0.3

oracle mysql 4.0.4

oracle mysql 4.0.9

oracle mysql 4.1.11

mysql mysql 4.1.12

mysql mysql 4.1.3

oracle mysql 4.1.3

oracle mysql 5.0.14

mysql mysql 5.0.15

mysql mysql 5.0.5

oracle mysql 5.0.6

oracle mysql 4.0.12

oracle mysql 4.0.13

oracle mysql 4.0.2

oracle mysql 4.0.20

oracle mysql 4.0.5

oracle mysql 4.0.5a

mysql mysql 4.1.13

mysql mysql 4.1.14

oracle mysql 4.1.4

oracle mysql 4.1.5

oracle mysql 5.0.0

mysql mysql 5.0.1

mysql mysql 5.0.16

mysql mysql 5.0.17

oracle mysql 5.0.7

oracle mysql 5.0.8

Vendor Advisories

Ubuntu Security Notice: mysql-dfsg-4.1, mysql-dfsg vulnerabilities
Stefano Di Paola discovered an information leak in the login packet parser By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data (CVE-2006-1516) ...
Debian Security Advisories: DSA-1073-1 mysql-dfsg-4.1 -- several vulnerabilities
Several vulnerabilities have been discovered in MySQL, a popular SQL database The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2006-0903 Improper handling of SQL queries containing the NULL character allows local users to bypass logging mechanisms CVE-2006-1516 Usernames without a trailing null ...
Debian Security Advisories: DSA-1079-1 mysql-dfsg -- several vulnerabilities
Several vulnerabilities have been discovered in MySQL, a popular SQL database The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2006-0903 Improper handling of SQL queries containing the NULL character allows local users to bypass logging mechanisms CVE-2006-1516 Usernames without a trailing null ...
Debian Security Advisories: DSA-1071-1 mysql -- several vulnerabilities
Several vulnerabilities have been discovered in MySQL, a popular SQL database The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2006-0903 Improper handling of SQL queries containing the NULL character allows local users to bypass logging mechanisms CVE-2006-1516 Usernames without a trailing null ...

Exploits

Exploit DB: MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage
/* **************************************************************** April 21st 2006 my_anon_db_leakc MySql Anonimous Login Memory Leak MySql <= 5020 MySql <= 41x copyright 2006 Stefano Di Paola (stefanodipaola_at_wisecit) GPL 20 **************************************************************** ...

References

NVD-CWE-Otherhttp://www.wisec.it/vulns.php?page=7http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.htmlhttp://bugs.debian.org/365938http://securitytracker.com/id?1016017http://secunia.com/advisories/19929http://www.securityfocus.com/bid/17780http://secunia.com/advisories/20002http://www.gentoo.org/security/en/glsa/glsa-200605-13.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:084http://secunia.com/advisories/20073http://secunia.com/advisories/20076http://www.debian.org/security/2006/dsa-1071http://www.trustix.org/errata/2006/0028http://secunia.com/advisories/20223http://www.debian.org/security/2006/dsa-1073http://secunia.com/advisories/20241http://secunia.com/advisories/20253http://www.debian.org/security/2006/dsa-1079http://secunia.com/advisories/20333http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377http://www.novell.com/linux/security/advisories/2006-06-02.htmlhttp://secunia.com/advisories/20424http://secunia.com/advisories/20457http://www.redhat.com/support/errata/RHSA-2006-0544.htmlhttp://secunia.com/advisories/20625http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.htmlhttp://secunia.com/advisories/20762http://docs.info.apple.com/article.html?artnum=305214http://secunia.com/advisories/24479http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-072A.htmlhttp://securityreason.com/securityalert/840http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1http://secunia.com/advisories/29847http://www.vupen.com/english/advisories/2007/0930http://www.vupen.com/english/advisories/2006/1633http://www.vupen.com/english/advisories/2008/1326/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/26236https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9918https://usn.ubuntu.com/283-1/http://www.securityfocus.com/archive/1/434164/100/0/threadedhttp://www.securityfocus.com/archive/1/432733/100/0/threadedhttps://usn.ubuntu.com/283-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/1742/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook