MySQL MaxDB WebAgent WebSQL Password Parameter Remote Buffer Overflow Vulnerability
BID:12265
Info
| Bugtraq ID: | 12265 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 14 2005 12:00AM |
| Updated: | Jan 14 2005 12:00AM |
| Credit: | An anonymous researcher discovered this issue. |
| Vulnerable: | MySQL AB MaxDB 7.5.00.16; MySQL AB MaxDB 7.5.00.15; MySQL AB MaxDB 7.5.00.14; MySQL AB MaxDB 7.5.00.12; MySQL AB MaxDB 7.5.00.11; MySQL AB MaxDB 7.5.00.08; MySQL AB MaxDB 7.5.00 |
| Not Vulnerable: | MySQL AB MaxDB 7.5.00.23; MySQL AB MaxDB 7.5.00.19; MySQL AB MaxDB 7.5.00.18 |
Discussion
MySQL MaxDB WebAgent WebSQL is reported prone to a remote buffer overflow vulnerability. This issue results from insufficient boundary checks performed by the application when handling malformed user-supplied data. It is possible that an attacker may leverage this issue to execute arbitrary code on a vulnerable computer.
This issue can lead to a superuser compromise.
This issue is reported to affect MaxDB 7.5.00; however, it is likely that other versions prior to 7.5.00.18 are vulnerable.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has addressed this issue in MaxDB 7.5.00.18 and subsequent versions.
MySQL AB MaxDB 7.5.00.14
- MySQL AB MaxDB 7.5.00.23: http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5.00.11
- MySQL AB MaxDB 7.5.00.23: http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5.00.15
- MySQL AB MaxDB 7.5.00.23: http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5.00.08
- MySQL AB MaxDB 7.5.00.23: http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5.00
- MySQL AB MaxDB 7.5.00.23: http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5.00.12
- MySQL AB MaxDB 7.5.00.23: http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5.00.16
- MySQL AB MaxDB 7.5.00.23: http://dev.mysql.com/downloads/maxdb/7.5.00.html
References
References:
- iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer (iDEFENSE)
- MaxDB Homepage (MySQL AB)