NVD Vulnerability Detail

CVE-2006-0903

Summary	MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Publication Date	Feb. 28, 2006, 8:02 a.m.
Registration Date	Jan. 29, 2021, 3:32 p.m.
Last Update	Nov. 7, 2023, 10:58 a.m.

CVSS2.0 : MEDIUM
Score	4.6
Vector	AV:L/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mysql:mysql:5.0.5:::::::*
cpe:2.3:a:mysql:mysql:5.0.10:::::::*
cpe:2.3:a:mysql:mysql:5.0.15:::::::*
cpe:2.3:a:mysql:mysql:5.0.17:::::::*
cpe:2.3:a:mysql:mysql:4.1.13:::::::*
cpe:2.3:a:mysql:mysql:4.1.15:::::::*
cpe:2.3:a:mysql:mysql:4.1.8:::::::*
cpe:2.3:a:mysql:mysql:4.1.14:::::::*
cpe:2.3:a:mysql:mysql:4.1.12:::::::*
cpe:2.3:a:mysql:mysql:4.1.10:::::::*
cpe:2.3:a:mysql:mysql:5.0.2:::::::*
cpe:2.3:a:mysql:mysql:5.0.1:::::::*
cpe:2.3:a:mysql:mysql:4.1.0:::::::*
cpe:2.3:a:mysql:mysql:5.0.4:::::::*
cpe:2.3:a:mysql:mysql:4.1.3:::::::*
cpe:2.3:a:mysql:mysql:5.0.16:::::::*
cpe:2.3:a:oracle:mysql:3.23:::::::*
cpe:2.3:a:oracle:mysql:3.23.0:alpha::::::
cpe:2.3:a:oracle:mysql:3.23.1:::::::*
cpe:2.3:a:oracle:mysql:3.23.2:::::::*
cpe:2.3:a:oracle:mysql:3.23.3:::::::*
cpe:2.3:a:oracle:mysql:3.23.4:::::::*
cpe:2.3:a:oracle:mysql:3.23.5:::::::*
cpe:2.3:a:oracle:mysql:3.23.6:::::::*
cpe:2.3:a:oracle:mysql:3.23.7:::::::*
cpe:2.3:a:oracle:mysql:3.23.8:::::::*
cpe:2.3:a:oracle:mysql:3.23.9:::::::*
cpe:2.3:a:oracle:mysql:3.23.10:::::::*
cpe:2.3:a:oracle:mysql:3.23.11:::::::*
cpe:2.3:a:oracle:mysql:3.23.12:::::::*
cpe:2.3:a:oracle:mysql:3.23.13:::::::*
cpe:2.3:a:oracle:mysql:3.23.14:::::::*
cpe:2.3:a:oracle:mysql:3.23.15:::::::*
cpe:2.3:a:oracle:mysql:3.23.16:::::::*
cpe:2.3:a:oracle:mysql:3.23.17:::::::*
cpe:2.3:a:oracle:mysql:3.23.18:::::::*
cpe:2.3:a:oracle:mysql:3.23.19:::::::*
cpe:2.3:a:oracle:mysql:3.23.20:beta::::::
cpe:2.3:a:oracle:mysql:3.23.21:::::::*
cpe:2.3:a:oracle:mysql:3.23.22:::::::*
cpe:2.3:a:oracle:mysql:3.23.23:::::::*
cpe:2.3:a:oracle:mysql:3.23.24:::::::*
cpe:2.3:a:oracle:mysql:3.23.25:::::::*
cpe:2.3:a:oracle:mysql:3.23.26:::::::*
cpe:2.3:a:oracle:mysql:3.23.27:::::::*
cpe:2.3:a:oracle:mysql:3.23.28:gamma::::::
cpe:2.3:a:oracle:mysql:3.23.29:::::::*
cpe:2.3:a:oracle:mysql:3.23.30:::::::*
cpe:2.3:a:oracle:mysql:3.23.31:::::::*
cpe:2.3:a:oracle:mysql:3.23.32:::::::*
cpe:2.3:a:oracle:mysql:3.23.33:::::::*
cpe:2.3:a:oracle:mysql:3.23.34:::::::*
cpe:2.3:a:oracle:mysql:3.23.35:::::::*
cpe:2.3:a:oracle:mysql:3.23.36:::::::*
cpe:2.3:a:oracle:mysql:3.23.37:::::::*
cpe:2.3:a:oracle:mysql:3.23.38:::::::*
cpe:2.3:a:oracle:mysql:3.23.39:::::::*
cpe:2.3:a:oracle:mysql:3.23.40:::::::*
cpe:2.3:a:oracle:mysql:3.23.41:::::::*
cpe:2.3:a:oracle:mysql:3.23.42:::::::*
cpe:2.3:a:oracle:mysql:3.23.43:::::::*
cpe:2.3:a:oracle:mysql:3.23.44:::::::*
cpe:2.3:a:oracle:mysql:3.23.45:::::::*
cpe:2.3:a:oracle:mysql:3.23.46:::::::*
cpe:2.3:a:oracle:mysql:3.23.47:::::::*
cpe:2.3:a:oracle:mysql:3.23.48:::::::*
cpe:2.3:a:oracle:mysql:3.23.49:::::::*
cpe:2.3:a:oracle:mysql:3.23.50:::::::*
cpe:2.3:a:oracle:mysql:3.23.51:::::::*
cpe:2.3:a:oracle:mysql:3.23.52:::::::*
cpe:2.3:a:oracle:mysql:3.23.53:::::::*
cpe:2.3:a:oracle:mysql:3.23.54:::::::*
cpe:2.3:a:oracle:mysql:3.23.55:::::::*
cpe:2.3:a:oracle:mysql:3.23.56:::::::*
cpe:2.3:a:oracle:mysql:3.23.57:::::::*
cpe:2.3:a:oracle:mysql:3.23.58:::::::*
cpe:2.3:a:oracle:mysql:3.23.59:::::::*
cpe:2.3:a:oracle:mysql:4.0.0:::::::*
cpe:2.3:a:oracle:mysql:4.0.1:::::::*
cpe:2.3:a:oracle:mysql:4.0.2:::::::*
cpe:2.3:a:oracle:mysql:4.0.3:::::::*
cpe:2.3:a:oracle:mysql:4.0.4:::::::*
cpe:2.3:a:oracle:mysql:4.0.5:::::::*
cpe:2.3:a:oracle:mysql:4.0.5a:::::::*
cpe:2.3:a:oracle:mysql:4.0.6:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.8:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.8:::::::*
cpe:2.3:a:oracle:mysql:4.0.9:::::::*
cpe:2.3:a:oracle:mysql:4.0.9:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.10:::::::*
cpe:2.3:a:oracle:mysql:4.0.11:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.11:::::::*
cpe:2.3:a:oracle:mysql:4.0.12:::::::*
cpe:2.3:a:oracle:mysql:4.0.13:::::::*
cpe:2.3:a:oracle:mysql:4.0.14:::::::*
cpe:2.3:a:oracle:mysql:4.0.15:::::::*
cpe:2.3:a:oracle:mysql:4.0.16:::::::*
cpe:2.3:a:oracle:mysql:4.0.17:::::::*
cpe:2.3:a:oracle:mysql:4.0.18:::::::*
cpe:2.3:a:oracle:mysql:4.0.19:::::::*
cpe:2.3:a:oracle:mysql:4.0.20:::::::*
cpe:2.3:a:oracle:mysql:4.0.21:::::::*
cpe:2.3:a:oracle:mysql:4.0.23:::::::*
cpe:2.3:a:oracle:mysql:4.0.24:::::::*
cpe:2.3:a:oracle:mysql:4.0.25:::::::*
cpe:2.3:a:oracle:mysql:4.0.26:::::::*
cpe:2.3:a:oracle:mysql:4.0.27:::::::*
cpe:2.3:a:oracle:mysql:4.1.0:alpha::::::
cpe:2.3:a:oracle:mysql:4.1.2:alpha::::::
cpe:2.3:a:oracle:mysql:4.1.3:beta::::::
cpe:2.3:a:oracle:mysql:4.1.4:::::::*
cpe:2.3:a:oracle:mysql:4.1.5:::::::*
cpe:2.3:a:oracle:mysql:4.1.6:::::::*
cpe:2.3:a:oracle:mysql:4.1.7:::::::*
cpe:2.3:a:oracle:mysql:4.1.9:::::::*
cpe:2.3:a:oracle:mysql:4.1.11:::::::*
cpe:2.3:a:oracle:mysql:4.1.16:::::::*
cpe:2.3:a:oracle:mysql:4.1.17:::::::*
cpe:2.3:a:oracle:mysql:4.1.18:::::::*
cpe:2.3:a:oracle:mysql:4.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.0.0:alpha::::::
cpe:2.3:a:oracle:mysql:5.0.3:beta::::::
cpe:2.3:a:oracle:mysql:5.0.6:::::::*
cpe:2.3:a:oracle:mysql:5.0.11:::::::*
cpe:2.3:a:oracle:mysql:5.0.12:::::::*
cpe:2.3:a:oracle:mysql:5.0.13:::::::*
cpe:2.3:a:oracle:mysql:5.0.14:::::::*
cpe:2.3:a:oracle:mysql:5.0.18:::::::*
cpe:2.3:a:oracle:mysql:5.0.7:::::::*
cpe:2.3:a:oracle:mysql:5.0.8:::::::*
cpe:2.3:a:oracle:mysql:5.0.9:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://rst.void.ru/papers/advisory39.txt	MISC
2	http://secunia.com/advisories/19034	SECUNIA	Vendor Advisory
3	http://www.securityfocus.com/bid/16850	BID
4	http://securitytracker.com/id?1015693	SECTRACK
5	http://bugs.mysql.com/bug.php?id=17667	CONFIRM
6	http://secunia.com/advisories/19502	SECUNIA
7	http://secunia.com/advisories/19814	SECUNIA
8	http://www.debian.org/security/2006/dsa-1071	DEBIAN
9	http://www.debian.org/security/2006/dsa-1073	DEBIAN
10	http://secunia.com/advisories/20241	SECUNIA
11	http://secunia.com/advisories/20253	SECUNIA
12	http://www.debian.org/security/2006/dsa-1079	DEBIAN
13	http://secunia.com/advisories/20333	SECUNIA
14	http://www.redhat.com/support/errata/RHSA-2006-0544.html	REDHAT
15	http://secunia.com/advisories/20625	SECUNIA
16	http://www.ubuntu.com/usn/usn-274-2	UBUNTU
17	http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0653.html	FULLDISC
18	http://www.redhat.com/support/errata/RHSA-2007-0083.html	REDHAT
19	http://www.mandriva.com/security/advisories?name=MDKSA-2006:064	MANDRIVA
20	http://secunia.com/advisories/30351	SECUNIA
21	http://www.redhat.com/support/errata/RHSA-2008-0364.html	REDHAT
22	http://www.vupen.com/english/advisories/2006/0752	VUPEN
23	https://exchange.xforce.ibmcloud.com/vulnerabilities/24966	XF
24	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9915	OVAL
25	https://usn.ubuntu.com/274-1/	UBUNTU

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mysql:mysql:5.0.5:::::::*
cpe:2.3:a:mysql:mysql:5.0.10:::::::*
cpe:2.3:a:mysql:mysql:5.0.15:::::::*
cpe:2.3:a:mysql:mysql:5.0.17:::::::*
cpe:2.3:a:mysql:mysql:4.1.13:::::::*
cpe:2.3:a:mysql:mysql:4.1.15:::::::*
cpe:2.3:a:mysql:mysql:4.1.8:::::::*
cpe:2.3:a:mysql:mysql:4.1.14:::::::*
cpe:2.3:a:mysql:mysql:4.1.12:::::::*
cpe:2.3:a:mysql:mysql:4.1.10:::::::*
cpe:2.3:a:mysql:mysql:5.0.2:::::::*
cpe:2.3:a:mysql:mysql:5.0.1:::::::*
cpe:2.3:a:mysql:mysql:4.1.0:::::::*
cpe:2.3:a:mysql:mysql:5.0.4:::::::*
cpe:2.3:a:mysql:mysql:4.1.3:::::::*
cpe:2.3:a:mysql:mysql:5.0.16:::::::*
cpe:2.3:a:oracle:mysql:3.23:::::::*
cpe:2.3:a:oracle:mysql:3.23.0:alpha::::::
cpe:2.3:a:oracle:mysql:3.23.1:::::::*
cpe:2.3:a:oracle:mysql:3.23.2:::::::*
cpe:2.3:a:oracle:mysql:3.23.3:::::::*
cpe:2.3:a:oracle:mysql:3.23.4:::::::*
cpe:2.3:a:oracle:mysql:3.23.5:::::::*
cpe:2.3:a:oracle:mysql:3.23.6:::::::*
cpe:2.3:a:oracle:mysql:3.23.7:::::::*
cpe:2.3:a:oracle:mysql:3.23.8:::::::*
cpe:2.3:a:oracle:mysql:3.23.9:::::::*
cpe:2.3:a:oracle:mysql:3.23.10:::::::*
cpe:2.3:a:oracle:mysql:3.23.11:::::::*
cpe:2.3:a:oracle:mysql:3.23.12:::::::*
cpe:2.3:a:oracle:mysql:3.23.13:::::::*
cpe:2.3:a:oracle:mysql:3.23.14:::::::*
cpe:2.3:a:oracle:mysql:3.23.15:::::::*
cpe:2.3:a:oracle:mysql:3.23.16:::::::*
cpe:2.3:a:oracle:mysql:3.23.17:::::::*
cpe:2.3:a:oracle:mysql:3.23.18:::::::*
cpe:2.3:a:oracle:mysql:3.23.19:::::::*
cpe:2.3:a:oracle:mysql:3.23.20:beta::::::
cpe:2.3:a:oracle:mysql:3.23.21:::::::*
cpe:2.3:a:oracle:mysql:3.23.22:::::::*
cpe:2.3:a:oracle:mysql:3.23.23:::::::*
cpe:2.3:a:oracle:mysql:3.23.24:::::::*
cpe:2.3:a:oracle:mysql:3.23.25:::::::*
cpe:2.3:a:oracle:mysql:3.23.26:::::::*
cpe:2.3:a:oracle:mysql:3.23.27:::::::*
cpe:2.3:a:oracle:mysql:3.23.28:gamma::::::
cpe:2.3:a:oracle:mysql:3.23.29:::::::*
cpe:2.3:a:oracle:mysql:3.23.30:::::::*
cpe:2.3:a:oracle:mysql:3.23.31:::::::*
cpe:2.3:a:oracle:mysql:3.23.32:::::::*
cpe:2.3:a:oracle:mysql:3.23.33:::::::*
cpe:2.3:a:oracle:mysql:3.23.34:::::::*
cpe:2.3:a:oracle:mysql:3.23.35:::::::*
cpe:2.3:a:oracle:mysql:3.23.36:::::::*
cpe:2.3:a:oracle:mysql:3.23.37:::::::*
cpe:2.3:a:oracle:mysql:3.23.38:::::::*
cpe:2.3:a:oracle:mysql:3.23.39:::::::*
cpe:2.3:a:oracle:mysql:3.23.40:::::::*
cpe:2.3:a:oracle:mysql:3.23.41:::::::*
cpe:2.3:a:oracle:mysql:3.23.42:::::::*
cpe:2.3:a:oracle:mysql:3.23.43:::::::*
cpe:2.3:a:oracle:mysql:3.23.44:::::::*
cpe:2.3:a:oracle:mysql:3.23.45:::::::*
cpe:2.3:a:oracle:mysql:3.23.46:::::::*
cpe:2.3:a:oracle:mysql:3.23.47:::::::*
cpe:2.3:a:oracle:mysql:3.23.48:::::::*
cpe:2.3:a:oracle:mysql:3.23.49:::::::*
cpe:2.3:a:oracle:mysql:3.23.50:::::::*
cpe:2.3:a:oracle:mysql:3.23.51:::::::*
cpe:2.3:a:oracle:mysql:3.23.52:::::::*
cpe:2.3:a:oracle:mysql:3.23.53:::::::*
cpe:2.3:a:oracle:mysql:3.23.54:::::::*
cpe:2.3:a:oracle:mysql:3.23.55:::::::*
cpe:2.3:a:oracle:mysql:3.23.56:::::::*
cpe:2.3:a:oracle:mysql:3.23.57:::::::*
cpe:2.3:a:oracle:mysql:3.23.58:::::::*
cpe:2.3:a:oracle:mysql:3.23.59:::::::*
cpe:2.3:a:oracle:mysql:4.0.0:::::::*
cpe:2.3:a:oracle:mysql:4.0.1:::::::*
cpe:2.3:a:oracle:mysql:4.0.2:::::::*
cpe:2.3:a:oracle:mysql:4.0.3:::::::*
cpe:2.3:a:oracle:mysql:4.0.4:::::::*
cpe:2.3:a:oracle:mysql:4.0.5:::::::*
cpe:2.3:a:oracle:mysql:4.0.5a:::::::*
cpe:2.3:a:oracle:mysql:4.0.6:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.8:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.8:::::::*
cpe:2.3:a:oracle:mysql:4.0.9:::::::*
cpe:2.3:a:oracle:mysql:4.0.9:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.10:::::::*
cpe:2.3:a:oracle:mysql:4.0.11:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.11:::::::*
cpe:2.3:a:oracle:mysql:4.0.12:::::::*
cpe:2.3:a:oracle:mysql:4.0.13:::::::*
cpe:2.3:a:oracle:mysql:4.0.14:::::::*
cpe:2.3:a:oracle:mysql:4.0.15:::::::*
cpe:2.3:a:oracle:mysql:4.0.16:::::::*
cpe:2.3:a:oracle:mysql:4.0.17:::::::*
cpe:2.3:a:oracle:mysql:4.0.18:::::::*
cpe:2.3:a:oracle:mysql:4.0.19:::::::*
cpe:2.3:a:oracle:mysql:4.0.20:::::::*
cpe:2.3:a:oracle:mysql:4.0.21:::::::*
cpe:2.3:a:oracle:mysql:4.0.23:::::::*
cpe:2.3:a:oracle:mysql:4.0.24:::::::*
cpe:2.3:a:oracle:mysql:4.0.25:::::::*
cpe:2.3:a:oracle:mysql:4.0.26:::::::*
cpe:2.3:a:oracle:mysql:4.0.27:::::::*
cpe:2.3:a:oracle:mysql:4.1.0:alpha::::::
cpe:2.3:a:oracle:mysql:4.1.2:alpha::::::
cpe:2.3:a:oracle:mysql:4.1.3:beta::::::
cpe:2.3:a:oracle:mysql:4.1.4:::::::*
cpe:2.3:a:oracle:mysql:4.1.5:::::::*
cpe:2.3:a:oracle:mysql:4.1.6:::::::*
cpe:2.3:a:oracle:mysql:4.1.7:::::::*
cpe:2.3:a:oracle:mysql:4.1.9:::::::*
cpe:2.3:a:oracle:mysql:4.1.11:::::::*
cpe:2.3:a:oracle:mysql:4.1.16:::::::*
cpe:2.3:a:oracle:mysql:4.1.17:::::::*
cpe:2.3:a:oracle:mysql:4.1.18:::::::*
cpe:2.3:a:oracle:mysql:4.1.19:::::::*
cpe:2.3:a:oracle:mysql:5.0.0:alpha::::::
cpe:2.3:a:oracle:mysql:5.0.3:beta::::::
cpe:2.3:a:oracle:mysql:5.0.6:::::::*
cpe:2.3:a:oracle:mysql:5.0.11:::::::*
cpe:2.3:a:oracle:mysql:5.0.12:::::::*
cpe:2.3:a:oracle:mysql:5.0.13:::::::*
cpe:2.3:a:oracle:mysql:5.0.14:::::::*
cpe:2.3:a:oracle:mysql:5.0.18:::::::*
cpe:2.3:a:oracle:mysql:5.0.7:::::::*
cpe:2.3:a:oracle:mysql:5.0.8:::::::*
cpe:2.3:a:oracle:mysql:5.0.9:::::::*