MySQL Mysql_real_escape Function SQL Injection Vulnerability
BID: 18219
CVE-2006-2753
Info
| Bugtraq ID: | 18219 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-2753 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 01 2006 12:00AM |
| Updated: | Mar 14 2007 04:24AM |
| Credit: | The vendor announced this vulnerability. |

Vulnerable:
- Ubuntu Ubuntu Linux 5.10 powerpc
- Ubuntu Ubuntu Linux 5.10 i386
- Ubuntu Ubuntu Linux 5.10 amd64
- Ubuntu Ubuntu Linux 6.06 LTS powerpc
- Ubuntu Ubuntu Linux 6.06 LTS i386
- Ubuntu Ubuntu Linux 6.06 LTS amd64
- Trustix Secure Linux 3.0
- Trustix Secure Linux 2.2
- Redhat Enterprise Linux WS 4
- Redhat Enterprise Linux ES 4
- Redhat Enterprise Linux AS 4
- Redhat Desktop 4.0
- MySQL AB MySQL 5.1.10
- MySQL AB MySQL 5.1.9
- MySQL AB MySQL 5.0.21
- MySQL AB MySQL 5.0.20
- MySQL AB MySQL 5.0.18
- MySQL AB MySQL 5.0.4
- MySQL AB MySQL 5.0.3
- MySQL AB MySQL 5.0.2
- MySQL AB MySQL 5.0.1
- MySQL AB MySQL 5.0.0-alpha
- MySQL AB MySQL 5.0.0-0
- MySQL AB MySQL 4.1.19
- MySQL AB MySQL 4.1.18
- MySQL AB MySQL 4.1.13
- MySQL AB MySQL 4.1.5
- MySQL AB MySQL 4.1.4
- MySQL AB MySQL 4.1.3-beta
- MySQL AB MySQL 4.1.3-0
- MySQL AB MySQL 4.1.2-alpha
- MySQL AB MySQL 4.1.11
- MySQL AB MySQL 4.1.11a
- MySQL AB MySQL 4.1.10a
- MySQL AB MySQL 4.1.0.0-alpha
- MySQL AB MySQL 4.1.0-0
- Mandriva Linux Mandrake 2006.0 x86_64
- Mandriva Linux Mandrake 2006.0
- Mandriva Linux Mandrake 10.2 x86_64
- Mandriva Linux Mandrake 10.2
- Gentoo Linux
- Debian Linux 3.1 sparc
- Debian Linux 3.1 s/390
- Debian Linux 3.1 ppc
- Debian Linux 3.1 mipsel
- Debian Linux 3.1 mips
- Debian Linux 3.1 m68k
- Debian Linux 3.1 ia-64
- Debian Linux 3.1 ia-32
- Debian Linux 3.1 hppa
- Debian Linux 3.1 arm
- Debian Linux 3.1 amd64
- Debian Linux 3.1 alpha
- Debian Linux 3.1
- Apple Mac OS X Server 10.4.8
- Apple Mac OS X Server 10.4.7
- Apple Mac OS X Server 10.4.6
- Apple Mac OS X Server 10.4.5
- Apple Mac OS X Server 10.4.4
- Apple Mac OS X Server 10.4.3
- Apple Mac OS X Server 10.4.2
- Apple Mac OS X Server 10.4.1
- Apple Mac OS X Server 10.4

Not Vulnerable:
- MySQL AB MySQL 5.0.22-1-0.1
- MySQL AB MySQL 4.1.20
- Apple Mac OS X Server 10.4.9
Discussion
MySQL is prone to an SQL-injection vulnerability because its mysql_real_escape string-escaping function fails to properly sanitize user-supplied input before that input is used in an SQL query.
A successful exploit could allow an attacker to compromise an application that uses a vulnerable database, or to compromise the database itself.
MySQL versions prior to 5.0.22-1-0.1 and prior to 4.1.20 are vulnerable. Other versions may also be affected.
Exploit / POC
This issue can be exploited via a web client.
Solution / Fix
Solution:
Versions 5.0.22-1-0.1 and 4.1.20 have been released to address this issue; please see the reference section for more information.
MySQL AB MySQL 4.1.11a
Debian GNU/Linux 3.1 alias sarge, packages from http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/ :
- libmysqlclient14-dev_4.1.11a-4sarge4_alpha.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_amd64.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_arm.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_hppa.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_i386.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_ia64.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_m68k.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_mips.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_mipsel.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_powerpc.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_s390.deb
- libmysqlclient14-dev_4.1.11a-4sarge4_sparc.deb
- libmysqlclient14_4.1.11a-4sarge4_alpha.deb
- libmysqlclient14_4.1.11a-4sarge4_amd64.deb
- libmysqlclient14_4.1.11a-4sarge4_arm.deb
- libmysqlclient14_4.1.11a-4sarge4_hppa.deb
- libmysqlclient14_4.1.11a-4sarge4_i386.deb
- libmysqlclient14_4.1.11a-4sarge4_ia64.deb
- libmysqlclient14_4.1.11a-4sarge4_m68k.deb
- libmysqlclient14_4.1.11a-4sarge4_mips.deb
- libmysqlclient14_4.1.11a-4sarge4_mipsel.deb
- libmysqlclient14_4.1.11a-4sarge4_powerpc.deb
- libmysqlclient14_4.1.11a-4sarge4_s390.deb
- libmysqlclient14_4.1.11a-4sarge4_sparc.deb
- mysql-client-4.1_4.1.11a-4sarge4_alpha.deb
- mysql-client-4.1_4.1.11a-4sarge4_amd64.deb
- mysql-client-4.1_4.1.11a-4sarge4_arm.deb
- mysql-client-4.1_4.1.11a-4sarge4_hppa.deb
- mysql-client-4.1_4.1.11a-4sarge4_i386.deb
- mysql-client-4.1_4.1.11a-4sarge4_ia64.deb
- mysql-client-4.1_4.1.11a-4sarge4_m68k.deb
- mysql-client-4.1_4.1.11a-4sarge4_mips.deb
- mysql-client-4.1_4.1.11a-4sarge4_mipsel.deb
- mysql-client-4.1_4.1.11a-4sarge4_powerpc.deb
- mysql-client-4.1_4.1.11a-4sarge4_s390.deb
- mysql-client-4.1_4.1.11a-4sarge4_sparc.deb
- mysql-common-4.1_4.1.11a-4sarge4_all.deb
- mysql-server-4.1_4.1.11a-4sarge4_alpha.deb
- mysql-server-4.1_4.1.11a-4sarge4_amd64.deb
- mysql-server-4.1_4.1.11a-4sarge4_arm.deb
- mysql-server-4.1_4.1.11a-4sarge4_hppa.deb
- mysql-server-4.1_4.1.11a-4sarge4_i386.deb
- mysql-server-4.1_4.1.11a-4sarge4_ia64.deb
- mysql-server-4.1_4.1.11a-4sarge4_m68k.deb
- mysql-server-4.1_4.1.11a-4sarge4_mips.deb
- mysql-server-4.1_4.1.11a-4sarge4_mipsel.deb
- mysql-server-4.1_4.1.11a-4sarge4_powerpc.deb
- mysql-server-4.1_4.1.11a-4sarge4_s390.deb
- mysql-server-4.1_4.1.11a-4sarge4_sparc.deb

Apple Mac OS X Server 10.4, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 10.4.8
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

MySQL AB MySQL 4.1.13
Trustix Secure Linux 3.0, packages from ftp://ftp.trustix.org/pub/trustix/updates/ :
- mysql-4.1.15-3tr.i586.rpm
- mysql-bench-4.1.15-3tr.i586.rpm
- mysql-client-4.1.15-3tr.i586.rpm
- mysql-devel-4.1.15-3tr.i586.rpm
- mysql-libs-4.1.15-3tr.i586.rpm
- mysql-shared-4.1.15-3tr.i586.rpm
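The version thresholds this record states (upstream 4.1.20 and 5.0.22 as the fixed releases, 5.1.9 and 5.1.10 listed as vulnerable with no 5.1 fix named, the 3.23 and 4.0 series that the referenced MySQL clarification calls unaffected, and the Debian sarge and Trustix backport packages listed above) can be turned into a triage check for whatever `SELECT VERSION()` or `mysql --version` reports. The script below is an added example, not part of the SecurityFocus record and not MySQL AB's or any distributor's code. Its sample version strings are constructed, and the rule that a sarge package revision of 4 or higher on the 4.1.11a base (or a Trustix revision of 3 or higher on 4.1.15) carries the fix is an assumption read off the package names listed above.

```python
"""Version triage for BID 18219 / CVE-2006-2753 (MySQL mysql_real_escape).

Added example; not part of the SecurityFocus record and not MySQL AB's code.
Thresholds are the ones this advisory states: upstream 4.1.20 and 5.0.22 fix
the issue, 5.1.9 and 5.1.10 are listed as vulnerable with no 5.1 fix named,
MySQL 3.23 and 4.0 are not affected (per the referenced MySQL clarification),
and the vendor backports it lists are Debian sarge 4.1.11a-4sarge4 and
Trustix 4.1.15-3tr. The sample strings below are constructed.
"""
import re

# Upstream fixed releases named by the advisory, per series.
UPSTREAM_FIXED = {(4, 1): (4, 1, 20), (5, 0): (5, 0, 22)}
# Highest 5.1 build the advisory lists as vulnerable (no 5.1 fix is named).
LAST_KNOWN_BAD_51 = (5, 1, 10)
# Vendor backports the advisory lists as fixes:
# (upstream base, package-revision regex, minimum revision carrying the fix).
# The minimum revisions are an assumption taken from the listed package names.
BACKPORT_FIXES = [
    ((4, 1, 11), re.compile(r"-4sarge(\d+)"), 4),   # Debian 3.1 "sarge"
    ((4, 1, 15), re.compile(r"-(\d+)tr\b"), 3),     # Trustix Secure Linux 3.0
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a MySQL version string.

    Letter suffixes ('4.1.11a') and packaging suffixes ('-4sarge4',
    '-Debian_3ubuntu1-log') are dropped here because the advisory states its
    thresholds as plain upstream versions; backports are handled in assess().
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised MySQL version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(text):
    """Classify a version string against this advisory.

    Returns 'vulnerable', 'fixed', 'fixed-backport', 'not-affected' or
    'not-covered' (a build this record says nothing definite about).
    """
    v = parse_version(text)
    # Vendor backports keep the old upstream number (4.1.11a) while the
    # package revision carries the fix, so check them before comparing.
    for base, rev_re, min_rev in BACKPORT_FIXES:
        m = rev_re.search(text)
        if v == base and m and int(m.group(1)) >= min_rev:
            return "fixed-backport"
    series = v[:2]
    if series in ((3, 23), (4, 0)):
        return "not-affected"
    if series in UPSTREAM_FIXED:
        return "vulnerable" if v < UPSTREAM_FIXED[series] else "fixed"
    if series == (5, 1):
        return "vulnerable" if v <= LAST_KNOWN_BAD_51 else "not-covered"
    return "not-covered"


# Constructed sample strings in the shapes SELECT VERSION() commonly returns.
SAMPLES = [
    "4.1.19-log",              # upstream, below 4.1.20
    "4.1.20",                  # upstream fix
    "5.0.21-Debian_3ubuntu1",  # below 5.0.22
    "5.0.22-1-0.1",            # the 5.0 fix as the advisory spells it
    "4.1.11a-4sarge4",         # Debian sarge backport listed as a fix
    "4.1.11a-4sarge3",         # earlier sarge revision: still vulnerable
    "4.1.15-3tr",              # Trustix backport listed as a fix
    "5.1.10-beta",             # listed vulnerable, no 5.1 fix named
    "4.0.27",                  # series the clarification says is unaffected
]


def triage(samples=SAMPLES):
    """Return {version string: classification} for a batch of strings."""
    return {s: assess(s) for s in samples}


if __name__ == "__main__":
    for version, verdict in triage().items():
        print(f"{version:28} {verdict}")
```

The backport branch is the part worth copying: a distribution security update keeps the old upstream number while carrying the fix, so a plain "is it below 4.1.20" comparison would flag patched sarge hosts as vulnerable. Builds outside the ranges this record covers are reported as not-covered rather than guessed, which matches its own "other versions may also be affected" caveat.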
References
References:
- MySQL announce: MySQL 4.1.20 has been released (MySQL)
- MySQL Homepage (T.C.X DataKonsult)
- MySQL Lists: announce: Clarification: MySQL 3.23 and 4.0 are NOT affected by the (MySQL)
- RHSA-2006:0544-6 - mysql security update (Red Hat)