This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
DB:MYSQL:MYSQL-PASSWORD-OF
|
Severity |
Critical
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
DB
|
Keywords |
MySQL Password Field Buffer Overflow
|
Release Date |
2003/09/18
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
DB: MySQL Password Field Buffer Overflow
This signature detects attempts to exploit a known vulnerability against password changes in the MySQL server. By supplying an overly long value to the password field, the attacker can execute arbitrary commands on the victim host. Administrator level access on the database is required to exploit this vulnerability. This vulnerability is present in MySQL versions earlier than 4.0.15.
Extended Description
MySQL server has been reported prone to a buffer overflow vulnerability when handling user passwords of excessive size.
The issue presents itself, due to a lack of sufficient bounds checking performed when processing MySQL user passwords. A password greater that 16 characters may overrun the bounds of a reserved buffer in memory and corrupt adjacent memory. An attacker with global administrative privileges on an affected MySQL server may potentially exploit this condition to have arbitrary supplied instructions executed in the context of the MySQL server.
Affected Products
- Conectiva linux 7.0.0
- Conectiva linux 8.0.0
- Conectiva linux 9.0.0
- Mysql_ab mysql 3.23.0 .x
- Mysql_ab mysql 3.23.10
- Mysql_ab mysql 3.23.2
- Mysql_ab mysql 3.23.22
- Mysql_ab mysql 3.23.23
- Mysql_ab mysql 3.23.24
- Mysql_ab mysql 3.23.25
- Mysql_ab mysql 3.23.26
- Mysql_ab mysql 3.23.27
- Mysql_ab mysql 3.23.28
- Mysql_ab mysql 3.23.28 gamma
- Mysql_ab mysql 3.23.29
- Mysql_ab mysql 3.23.3
- Mysql_ab mysql 3.23.30
- Mysql_ab mysql 3.23.31
- Mysql_ab mysql 3.23.32
- Mysql_ab mysql 3.23.33
- Mysql_ab mysql 3.23.34
- Mysql_ab mysql 3.23.36
- Mysql_ab mysql 3.23.37
- Mysql_ab mysql 3.23.38
- Mysql_ab mysql 3.23.39
- Mysql_ab mysql 3.23.4
- Mysql_ab mysql 3.23.40
- Mysql_ab mysql 3.23.41
- Mysql_ab mysql 3.23.42
- Mysql_ab mysql 3.23.43
- Mysql_ab mysql 3.23.44
- Mysql_ab mysql 3.23.45
- Mysql_ab mysql 3.23.46
- Mysql_ab mysql 3.23.47
- Mysql_ab mysql 3.23.48
- Mysql_ab mysql 3.23.49
- Mysql_ab mysql 3.23.5
- Mysql_ab mysql 3.23.50
- Mysql_ab mysql 3.23.51
- Mysql_ab mysql 3.23.52
- Mysql_ab mysql 3.23.53
- Mysql_ab mysql 3.23.53 a
- Mysql_ab mysql 3.23.54
- Mysql_ab mysql 3.23.54 a
- Mysql_ab mysql 3.23.55
- Mysql_ab mysql 3.23.56
- Mysql_ab mysql 3.23.58
- Mysql_ab mysql 3.23.8
- Mysql_ab mysql 3.23.9
- Mysql_ab mysql 4.0.0 .0
- Mysql_ab mysql 4.0.1
- Mysql_ab mysql 4.0.10
- Mysql_ab mysql 4.0.11
- Mysql_ab mysql 4.0.11 -Gamma
- Mysql_ab mysql 4.0.12
- Mysql_ab mysql 4.0.13
- Mysql_ab mysql 4.0.14
- Mysql_ab mysql 4.0.2
- Mysql_ab mysql 4.0.3
- Mysql_ab mysql 4.0.4
- Mysql_ab mysql 4.0.5
- Mysql_ab mysql 4.0.5 A
- Mysql_ab mysql 4.0.6
- Mysql_ab mysql 4.0.7
- Mysql_ab mysql 4.0.7 -Gamma
- Mysql_ab mysql 4.0.8
- Mysql_ab mysql 4.0.8 -Gamma
- Mysql_ab mysql 4.0.9
- Mysql_ab mysql 4.0.9 -Gamma
- Mysql_ab mysql 4.1.0-0
- Mysql_ab mysql 4.1.0.0-Alpha
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0
- Red_hat enterprise_linux_as 2.1
- Red_hat enterprise_linux_es 2.1
- Red_hat enterprise_linux_ws 2.1
- Sgi propack 2.2.1
- Sgi propack 2.3.0
References