Short Name | DB:MYSQL:CLIENT-BOF
Severity | Major
Recommended | No
Recommended Action | Drop
Category | DB
Keywords | Oracle MySQL Client Heap Buffer Overflow
Release Date | 2014/03/02
Update Number | 2350
Supported Platforms | idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
DB: Oracle MySQL Client Heap Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Oracle MySQL Client. This vulnerability is due to insufficient validation of the server's version string. A remote unauthenticated attacker can exploit this vulnerability by enticing the user to connect to a malicious server. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.
Extended Description
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
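The check described above can be sketched as a parser for the server's initial handshake packet that flags an oversized version field. This is an added example, not the signature's own logic: the function names, the 64-byte threshold and the sample packets are assumptions made for illustration.

```python
# Assumed alerting threshold, not taken from the signature: genuine version
# strings such as "5.5.34-MariaDB-log" are a few dozen bytes long.
MAX_VERSION_LEN = 64


def parse_server_version(packet: bytes) -> bytes:
    """Return the version field of a MySQL protocol 10 initial handshake.

    Layout: 3-byte little-endian payload length, 1-byte sequence id,
    1-byte protocol version (10), then a NUL-terminated version string.
    """
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    payload_len = int.from_bytes(packet[0:3], "little")
    payload = packet[4:4 + payload_len]
    if len(payload) != payload_len:
        raise ValueError("truncated payload")
    if not payload or payload[0] != 10:
        raise ValueError("not a protocol 10 handshake")
    end = payload.find(b"\x00", 1)
    # No terminator in the payload: the whole remainder is the version field.
    return payload[1:] if end == -1 else payload[1:end]


def is_suspicious_greeting(packet: bytes, limit: int = MAX_VERSION_LEN) -> bool:
    """True when the server version string is longer than the limit."""
    return len(parse_server_version(packet)) > limit


def build_greeting(version: bytes) -> bytes:
    """Constructed sample packet for testing (only the leading fields are real)."""
    payload = b"\x0a" + version + b"\x00" + b"\x01\x00\x00\x00"  # + connection id
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


if __name__ == "__main__":
    for sample in (b"5.5.34-MariaDB-log", b"5" * 300):  # constructed inputs
        pkt = build_greeting(sample)
        print(len(sample), is_suspicious_greeting(pkt))
```
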
Affected Products
- Mariadb mariadb 5.5.34
- Oracle mysql 5.5.0
- Oracle mysql 5.5.1
- Oracle mysql 5.5.10
- Oracle mysql 5.5.11
- Oracle mysql 5.5.12
- Oracle mysql 5.5.13
- Oracle mysql 5.5.14
- Oracle mysql 5.5.15
- Oracle mysql 5.5.16
- Oracle mysql 5.5.17
- Oracle mysql 5.5.18
- Oracle mysql 5.5.19
- Oracle mysql 5.5.2
- Oracle mysql 5.5.20
- Oracle mysql 5.5.21
- Oracle mysql 5.5.22
- Oracle mysql 5.5.23
- Oracle mysql 5.5.24
- Oracle mysql 5.5.25
- Oracle mysql 5.5.26
- Oracle mysql 5.5.27
- Oracle mysql 5.5.28
- Oracle mysql 5.5.29
- Oracle mysql 5.5.3
- Oracle mysql 5.5.30
- Oracle mysql 5.5.31
- Oracle mysql 5.5.32
- Oracle mysql 5.5.33
- Oracle mysql 5.5.34
- Oracle mysql 5.5.35
- Oracle mysql 5.5.36
- Oracle mysql 5.5.4
- Oracle mysql 5.5.5
- Oracle mysql 5.5.6
- Oracle mysql 5.5.7
- Oracle mysql 5.5.9
- Oracle mysql 5.6.0
- Oracle mysql 5.6.1
- Oracle mysql 5.6.10
- Oracle mysql 5.6.11
- Oracle mysql 5.6.12
- Oracle mysql 5.6.13
- Oracle mysql 5.6.14
- Oracle mysql 5.6.15
- Oracle mysql 5.6.16
- Oracle mysql 5.6.2
- Oracle mysql 5.6.3
- Oracle mysql 5.6.4
- Oracle mysql 5.6.5
- Oracle mysql 5.6.6
- Oracle mysql 5.6.7
- Oracle mysql 5.6.8
- Oracle mysql 5.6.9
- Redhat enterprise_linux 5
- Redhat enterprise_linux 6.0
- Redhat enterprise_linux_desktop 5.0
- Redhat enterprise_linux_desktop 6.0
- Redhat enterprise_linux_server 6.0
- Redhat enterprise_linux_workstation 6.0