|Bugzilla:||194613: CVE-2006-0903 Mysql log file obfuscation|
The MITRE CVE dictionary describes this issue as:
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1 and 3:
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
This issue has been fixed for Red Hat Enterprise Linux 4 in RHSA-2006:0544.
Red Hat security errata
|Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (mysql)||RHSA-2007:0083||February 19, 2007|
|Red Hat Enterprise Linux version 4 (mysql)||RHSA-2006:0544||June 09, 2006|
|Red Hat Enterprise Linux version 5 (mysql)||RHSA-2008:0364||May 20, 2008|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.