MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilities
BID:12313
Info
MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilities
| Bugtraq ID: | 12313 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2005-0081 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | An anonymous researcher discovered this issue. |
| Vulnerable: |
MySQL AB MaxDB 7.5 .00.19 MySQL AB MaxDB 7.5 .00.18 MySQL AB MaxDB 7.5 .00.16 MySQL AB MaxDB 7.5 .00.15 MySQL AB MaxDB 7.5 .00.14 MySQL AB MaxDB 7.5 .00.12 MySQL AB MaxDB 7.5 .00.11 MySQL AB MaxDB 7.5 .00.08 MySQL AB MaxDB 7.5 .00 |
| Not Vulnerable: |
MySQL AB MaxDB 7.5 .00.23 |
Discussion
MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilities
MaxDB WebAgent is reported prone to multiple remote denial of service vulnerabilities. These issues arise as the application fails to handle exceptional conditions properly.
The following specific issues were identified:
The first vulnerability exists due to a NULL pointer dereference.
The second vulnerability arises when the application handles malformed HTTP headers.
MaxDB versions prior to 7.5.0.21 are likely to be vulnerable to these issues. This issue has been confirmed in version 7.5.0.0.
MaxDB WebAgent is reported prone to multiple remote denial of service vulnerabilities. These issues arise as the application fails to handle exceptional conditions properly.
The following specific issues were identified:
The first vulnerability exists due to a NULL pointer dereference.
The second vulnerability arises when the application handles malformed HTTP headers.
MaxDB versions prior to 7.5.0.21 are likely to be vulnerable to these issues. This issue has been confirmed in version 7.5.0.0.
Exploit / POC
MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilities
Solution:
The vendor has addressed this issue in MaxDB 7.5.00.21 and subsequent releases. MaxDB 7.5.00.23 is available for download.
MySQL AB MaxDB 7.5 .00.08
MySQL AB MaxDB 7.5 .00.12
MySQL AB MaxDB 7.5 .00.16
MySQL AB MaxDB 7.5 .00.14
MySQL AB MaxDB 7.5 .00.15
MySQL AB MaxDB 7.5 .00.11
MySQL AB MaxDB 7.5 .00
Solution:
The vendor has addressed this issue in MaxDB 7.5.00.21 and subsequent releases. MaxDB 7.5.00.23 is available for download.
MySQL AB MaxDB 7.5 .00.08
-
MySQL AB MaxDB 7.5.00.23
http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5 .00.12
-
MySQL AB MaxDB 7.5.00.23
http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5 .00.16
-
MySQL AB MaxDB 7.5.00.23
http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5 .00.14
-
MySQL AB MaxDB 7.5.00.23
http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5 .00.15
-
MySQL AB MaxDB 7.5.00.23
http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5 .00.11
-
MySQL AB MaxDB 7.5.00.23
http://dev.mysql.com/downloads/maxdb/7.5.00.html
MySQL AB MaxDB 7.5 .00
-
MySQL AB MaxDB 7.5.00.23
http://dev.mysql.com/downloads/maxdb/7.5.00.html
References
MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilities
References:
References:
- MaxDB Homepage (MySQL AB)
- iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent ("Michael Sutton"