Embedded MySQL Marked As Vulnerable by Nessus (CVE-2006-1516)


A network scan of the embedded MySQL in the ScaleArc appliance may reveal the presence of a vulnerability that allows remote attackers to read portions of memory via a username without a trailing null byte, causing a buffer over-read.



This is a false positive: Nessus flags the vulnerability because ScaleArc responds with an "Access Denied" message, which is the response Nessus looks for to conclude that this particular vulnerability is present. The vulnerability is very old and affected versions up to MySQL 5.0 (available in RHEL 4), whereas ScaleArc 2021.1 is already on 5.5.

Additionally, the mariadb and mariadb-libs packages used by ScaleArc are tied to the 5.5.65 version present in CentOS 7.5, so if they are upgraded externally, a future ScaleArc upgrade could fail due to package prechecks.
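To back the false-positive finding with evidence, the version the server announces in its initial greeting can be compared against the range named above. The following is an added example, not ScaleArc or Nessus code: the greeting bytes are constructed, the function names are hypothetical, and "till MySQL 5.0" is read as major.minor of 5.0 or lower.

```python
import re
import struct

# Constructed sample: start of a protocol-10 server greeting as a 5.5.65
# MariaDB build would send it (header, protocol byte, version, thread id).
_BODY = b"\x0a" + b"5.5.65-MariaDB\x00" + struct.pack("<I", 42) + b"saltsalt\x00"
SAMPLE_GREETING = struct.pack("<I", len(_BODY))[:3] + b"\x00" + _BODY


def parse_greeting_version(packet: bytes) -> str:
    """Return the server version string from a MySQL initial handshake packet."""
    if len(packet) < 5:
        raise ValueError("packet too short for header and protocol byte")
    length = int.from_bytes(packet[0:3], "little")  # 3-byte payload length
    payload = packet[4:4 + length]                   # byte 3 is the sequence id
    if length < 2 or len(payload) < length:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:
        raise ValueError("server sent an error packet instead of a greeting")
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.find(b"\x00", 1)
    if end == -1:
        raise ValueError("version string is not null-terminated")
    return payload[1:end].decode("ascii", errors="replace")


def in_range_named_by_article(version: str) -> bool:
    """True if major.minor is 5.0 or lower (assumed reading of 'till MySQL 5.0')."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return (int(m.group(1)), int(m.group(2))) <= (5, 0)


if __name__ == "__main__":
    v = parse_greeting_version(SAMPLE_GREETING)
    print(v, "-> in affected range:", in_range_named_by_article(v))
```

The greeting banner is self-reported by the server, so the installed mariadb and mariadb-libs package versions on the appliance remain the authoritative record for a scan exception.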


