Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200606-13] MySQL: SQL Injection


Vulnerability Assessment Details

[GLSA-200606-13] MySQL: SQL Injection

Vulnerability Assessment Summary
MySQL: SQL Injection

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200606-13
(MySQL: SQL Injection)


MySQL is vulnerable to an injection flaw in mysql_real_escape() when
used with multi-byte characters.

Impact

Due to a flaw in the multi-byte character process, a possible hacker is still
able to inject arbitary SQL statements into the MySQL server for
execution.

Workaround

There are a few workarounds available: NO_BACKSLASH_ESCAPES mode as a
workaround for a bug in mysql_real_escape_string(): SET
sql_mode='NO_BACKSLASH_ESCAPES'
SET GLOBAL
sql_mode='NO_BACKSLASH_ESCAPES'
and server command line options:
--sql-mode=NO_BACKSLASH_ESCAPES.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753


Solution:
All MySQL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-4.1.20"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2006 Michel Arboi

Cables, Connectors

Dell PowerEdge M630 Blade 2x E5-2630Lv3 64GB DDR4 2x 900GB 10K SAS H730, 57810-k
$2955.0
Dell PowerEdge M630 Blade 2x E5-2630Lv3 64GB DDR4 2x 900GB 10K SAS H730, 57810-k pictureDell PowerEdge M630 Blade 2x E5-2630Lv3 64GB DDR4 2x 600GB 10K SAS H730, 57810-k
$3000.0
Dell PowerEdge M630 Blade 2x E5-2630Lv3 64GB DDR4 2x 600GB 10K SAS H730, 57810-k pictureHP C7000 Blade Center 12x BL460C w/ 2x 3GHz Quad Core, 64GB RAM, 2x 72GB HDD
$4693.85
HP C7000 Blade Center 12x BL460C w/ 2x 3GHz Quad Core, 64GB RAM, 2x 72GB HDD pictureDell PowerEdge M630 Blade 2x E5-2630Lv3 64GB DDR4 2 x 2.5" Trays, H730, 57810-k
$2705.0
Dell PowerEdge M630 Blade 2x E5-2630Lv3 64GB DDR4 2 x 2.5


Discussions

No Discussions have been posted on this vulnerability.