CVE-2006-0903

Publication date 27 February 2006

Last updated 24 July 2024

Ubuntu priority

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
mysql-dfsg-5.0	7.04 feisty	Fixed 5.0.38-0ubuntu1
	6.10 edgy	Fixed 5.0.24a-9ubuntu0.1
	6.06 LTS dapper	Fixed 5.0.22-0ubuntu6.06.3

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-274-2
MySQL vulnerability
15 May 2006

USN-274-1
MySQL vulnerability
27 April 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-0903