VUPEN Security - Fedora Security Update Fixes MySQL Multibyte Encoding SQL Injection Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Fedora Security Update Fixes MySQL Multibyte Encoding SQL Injection Vulnerability

Title : Fedora Security Update Fixes MySQL Multibyte Encoding SQL Injection Vulnerability
VUPEN ID : VUPEN/ADV-2006-2396
CVE ID : CVE-2006-2753
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-06-16

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Fedora has released security updates to address a vulnerability identified in MySQL. This flaw could be exploited by remote attackers to bypass security restrictions and execute arbitrary SQL commands. For additional information, see : VUPEN/ADV-2006-2105

Affected Products

Fedora Core 5
Fedora Core 4

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

f9d7512362a9d098339fe1095b1eaf304fd6082e SRPMS/mysql-4.1.20-1.FC4.1.src.rpm
f9d7512362a9d098339fe1095b1eaf304fd6082e noarch/mysql-4.1.20-1.FC4.1.src.rpm
292bad3ea934f89db78b3eba2b55bf8ea2bae7f4 ppc/mysql-4.1.20-1.FC4.1.ppc.rpm
758ca4284f66f9ca6e88c41eb3452e7ec209c9a3 ppc/mysql-server-4.1.20-1.FC4.1.ppc.rpm
91d8729a8c8c7f67bdfc3e9bb9ffeebe39f5337e ppc/mysql-devel-4.1.20-1.FC4.1.ppc.rpm
9765d31fccf06a1038aec1bfa03f08917abbeb95 ppc/mysql-bench-4.1.20-1.FC4.1.ppc.rpm
7e7c8a3e17fa30b2f7815d36b92ab3c58555867c ppc/debug/mysql-debuginfo-4.1.20-1.FC4.1.ppc.rpm
bf3943073ab82bc5e235b5ab30ade2dd954f17f3 x86_64/mysql-4.1.20-1.FC4.1.x86_64.rpm
5a099047243fb308dcb1c4b207b7d4ddae60e247 x86_64/mysql-server-4.1.20-1.FC4.1.x86_64.rpm
342b58d9388276c9284aa7336927fd5e5e1669f9 x86_64/mysql-devel-4.1.20-1.FC4.1.x86_64.rpm
c069cfaa7263fac4152c782c8b0852f9b58c6bf8 x86_64/mysql-bench-4.1.20-1.FC4.1.x86_64.rpm
f189ec9fcb823946b597c94ebd8e97cfc806bad9 x86_64/debug/mysql-debuginfo-4.1.20-1.FC4.1.x86_64.rpm
4685407fc3d74c374f303972e8c7d9426251a08e i386/mysql-4.1.20-1.FC4.1.i386.rpm
0d3793c3afa3df8af3dc3db7cef77fc1b6138f31 i386/mysql-server-4.1.20-1.FC4.1.i386.rpm
3edbc9f896f3bc7333883b37387d70739a0236b8 i386/mysql-devel-4.1.20-1.FC4.1.i386.rpm
f8922d149279b1e93fa32ad416870b370341565e i386/mysql-bench-4.1.20-1.FC4.1.i386.rpm
1713824ea3a2227e9ac68aa466720c0bcdca9e01 i386/debug/mysql-debuginfo-4.1.20-1.FC4.1.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

23c4a091e7f485bf2eff2125f9dd5f65a493be50 SRPMS/mysql-5.0.22-1.FC5.1.src.rpm
23c4a091e7f485bf2eff2125f9dd5f65a493be50 noarch/mysql-5.0.22-1.FC5.1.src.rpm
cf0d30e376566afd4c2e8381525af64cd671b51a ppc/mysql-server-5.0.22-1.FC5.1.ppc.rpm
18d892cf0c4ca36cdae697f21172305fafa5d9ba ppc/mysql-bench-5.0.22-1.FC5.1.ppc.rpm
772452a13306fa66c4556c21e85c7bd10449319f ppc/debug/mysql-debuginfo-5.0.22-1.FC5.1.ppc.rpm
a7f078e251824e6a5efc5714a7a74f7986745ba4 ppc/mysql-test-5.0.22-1.FC5.1.ppc.rpm
72fae9b35f54e153952d1fe81a86f46e424d38ce ppc/mysql-5.0.22-1.FC5.1.ppc.rpm
785ca235956b239ee07098a2ca99d0d528287e11 ppc/mysql-devel-5.0.22-1.FC5.1.ppc.rpm
631f47d4de4cadacd53eac73c8c81c3abe390cf4 x86_64/debug/mysql-debuginfo-5.0.22-1.FC5.1.x86_64.rpm
a1a2fcc0eb43be06c1e02b2340b843d30e4a1685 x86_64/mysql-devel-5.0.22-1.FC5.1.x86_64.rpm
0cfa1a1b7f089ad3538d4df9372ce31265c2b184 x86_64/mysql-bench-5.0.22-1.FC5.1.x86_64.rpm
09e374f800f2ed5670276d99c186f044b6f9cca7 x86_64/mysql-test-5.0.22-1.FC5.1.x86_64.rpm
81bf1709624752ea6729fa84a5413913458cc6e1 x86_64/mysql-5.0.22-1.FC5.1.x86_64.rpm
4f01ba723de3b4c08e94a3fdff36048ae55daae1 x86_64/mysql-server-5.0.22-1.FC5.1.x86_64.rpm
710173326bbfd3587066f6515565730b3c93d971 i386/mysql-bench-5.0.22-1.FC5.1.i386.rpm
8f7f0c342e906f2c10d0df471f18b17d5573b25c i386/debug/mysql-debuginfo-5.0.22-1.FC5.1.i386.rpm
e9739f1e84d651b0f818e9475ea86bda27330237 i386/mysql-server-5.0.22-1.FC5.1.i386.rpm
5c4fbd41447768249dbc8f4a147a45ed0933afb0 i386/mysql-devel-5.0.22-1.FC5.1.i386.rpm
150855aa07fe5d29dce06b8c5c3242c1fa40126a i386/mysql-5.0.22-1.FC5.1.i386.rpm
b432b8e2476280d92ac0b6af57f29b2f7d2adcf2 i386/mysql-test-5.0.22-1.FC5.1.i386.rpm

References

http://www.vupen.com/english/advisories/2006/2396
https://www.redhat.com/archives/fedora-package-announce/2006-June/msg00092.html
https://www.redhat.com/archives/fedora-package-announce/2006-June/msg00091.html

ChangeLog

2006-06-16 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

>> 2009-07-06

Microsoft Windows 0-Day
Flaw Exploited in the Wild

>> 2009-06-10

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

>> 2009-06-02

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

>> 2009-05-22

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

More Informations