Description: | Description:
The remote host is missing an update to mysql-dfsg announced via advisory USN-283-1.
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected: mysql-server mysql-server-4.1
Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. (CVE-2006-1516)
Stefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request. (CVE-2006-1517)
Solution: The problem can be corrected by upgrading the affected package to version 4.0.23-3ubuntu2.3 (for Ubuntu 5.04), 4.0.24-10ubuntu2.2 (mysql-server for Ubuntu 5.10), or 4.1.12-1ubuntu3.3 (mysql-server-4.1 for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
http://www.securityspace.com/smysecure/catid.html?in=USN-283-1
Risk factor : Medium
CVSS Score: 5.0
|