Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:9915

Version

Class

vulnerability

ALTXid

1678

Language

English

Severity

NotAvailable

Title

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.

Description

Family

unix

Platform

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2010-07-09T03:56:16-04:00 : submitted
  - SCAP.com, LLC Aharon Chernin
- 2010-07-28T14:15:59.900-04:00 : status_change DRAFT
- 2010-08-16T04:14:55.967-04:00 : status_change INTERIM
- 2010-09-06T04:16:03.786-04:00 : status_change ACCEPTED
- 2013-04-10T17:31:00.062-04:00 : modified EDITED oval:org.mitre.oval:def:9915 - Expanded the vulnerability checks for RHEL 3, 4, and 5 to cover CentOS 3, 4, 5 and Oracle Linux 4 and 5
  - G2, Inc. Dragos Prisaca
- 2013-04-10T17:34:41.759-04:00 : status_change INTERIM
- 2013-04-29T04:23:17.621-04:00 : status_change ACCEPTED

Reference

CVE: CVE-2006-0903

Criteria

Expand All

Collapse All

AND

OS Section: RHEL4, CentOS4, Oracle Linux 4

OR	RHEL4, CentOS4 or Oracle Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11831) The operating system installed on the system is Red Hat Enterprise Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16636) CentOS Linux 4.x
EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15990) Oracle Linux 4.x

OR Configuration section
- CRITERION mysql is earlier than 0:4.1.20-1.RHEL4.1
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:32252) check=at least one, check_existence=at_least_one_exists, comment=mysql is earlier than 0:4.1.20-1.RHEL4.1, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14355)
      name mysql
    - rpminfo_state (ID = oval:org.mitre.oval:ste:9812)
      evr datatype=evr_string | operation=less than | value=0:4.1.20-1.RHEL4.1
- CRITERION mysql-devel is earlier than 0:4.1.20-1.RHEL4.1
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:32551) check=at least one, check_existence=at_least_one_exists, comment=mysql-devel is earlier than 0:4.1.20-1.RHEL4.1, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14481)
      name mysql-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:9812)
      evr datatype=evr_string | operation=less than | value=0:4.1.20-1.RHEL4.1
- CRITERION mysql-bench is earlier than 0:4.1.20-1.RHEL4.1
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:32245) check=at least one, check_existence=at_least_one_exists, comment=mysql-bench is earlier than 0:4.1.20-1.RHEL4.1, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14400)
      name mysql-bench
    - rpminfo_state (ID = oval:org.mitre.oval:ste:9812)
      evr datatype=evr_string | operation=less than | value=0:4.1.20-1.RHEL4.1
- CRITERION mysql-server is earlier than 0:4.1.20-1.RHEL4.1
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:32560) check=at least one, check_existence=at_least_one_exists, comment=mysql-server is earlier than 0:4.1.20-1.RHEL4.1, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14342)
      name mysql-server
    - rpminfo_state (ID = oval:org.mitre.oval:ste:9812)
      evr datatype=evr_string | operation=less than | value=0:4.1.20-1.RHEL4.1

AND

OS Section: RHEL5, CentOS5, Oracle Linux 5

OR	RHEL5, CentOS5 or Oracle Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15459) Oracle Linux 5.x

OR Configuration section
- CRITERION mysql is earlier than 0:5.0.45-7.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36197) check=at least one, check_existence=at_least_one_exists, comment=mysql is earlier than 0:5.0.45-7.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14355)
      name mysql
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10852)
      evr datatype=evr_string | operation=less than | value=0:5.0.45-7.el5
- CRITERION mysql-devel is earlier than 0:5.0.45-7.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36749) check=at least one, check_existence=at_least_one_exists, comment=mysql-devel is earlier than 0:5.0.45-7.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14481)
      name mysql-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10852)
      evr datatype=evr_string | operation=less than | value=0:5.0.45-7.el5
- CRITERION mysql-test is earlier than 0:5.0.45-7.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36750) check=at least one, check_existence=at_least_one_exists, comment=mysql-test is earlier than 0:5.0.45-7.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14941)
      name mysql-test
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10852)
      evr datatype=evr_string | operation=less than | value=0:5.0.45-7.el5
- CRITERION mysql-bench is earlier than 0:5.0.45-7.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36831) check=at least one, check_existence=at_least_one_exists, comment=mysql-bench is earlier than 0:5.0.45-7.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14400)
      name mysql-bench
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10852)
      evr datatype=evr_string | operation=less than | value=0:5.0.45-7.el5
- CRITERION mysql-server is earlier than 0:5.0.45-7.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36646) check=at least one, check_existence=at_least_one_exists, comment=mysql-server is earlier than 0:5.0.45-7.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14342)
      name mysql-server
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10852)
      evr datatype=evr_string | operation=less than | value=0:5.0.45-7.el5


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	PARTIAL
Access complexity:	LOW
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL