Juniper Networks

Signature Detail


Short Name: DB:MYSQL:CLIENT-BOF
Severity: Major
Recommended: No
Recommended Action: Drop
Category: DB
Keywords: Oracle MySQL Client Heap Buffer Overflow
Release Date: 2014/03/02
Update Number: 2350
Supported Platforms: idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DB: Oracle MySQL Client Heap Buffer Overflow


This signature detects attempts to exploit a known vulnerability in Oracle MySQL Client. The vulnerability is due to insufficient validation of the server's version string. A remote unauthenticated attacker can exploit it by enticing the user to connect to a malicious server. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user.

Extended Description

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

Affected Products

  • Mariadb mariadb 5.5.34
  • Oracle mysql 5.5.0
  • Oracle mysql 5.5.1
  • Oracle mysql 5.5.10
  • Oracle mysql 5.5.11
  • Oracle mysql 5.5.12
  • Oracle mysql 5.5.13
  • Oracle mysql 5.5.14
  • Oracle mysql 5.5.15
  • Oracle mysql 5.5.16
  • Oracle mysql 5.5.17
  • Oracle mysql 5.5.18
  • Oracle mysql 5.5.19
  • Oracle mysql 5.5.2
  • Oracle mysql 5.5.20
  • Oracle mysql 5.5.21
  • Oracle mysql 5.5.22
  • Oracle mysql 5.5.23
  • Oracle mysql 5.5.24
  • Oracle mysql 5.5.25
  • Oracle mysql 5.5.26
  • Oracle mysql 5.5.27
  • Oracle mysql 5.5.28
  • Oracle mysql 5.5.29
  • Oracle mysql 5.5.3
  • Oracle mysql 5.5.30
  • Oracle mysql 5.5.31
  • Oracle mysql 5.5.32
  • Oracle mysql 5.5.33
  • Oracle mysql 5.5.34
  • Oracle mysql 5.5.35
  • Oracle mysql 5.5.36
  • Oracle mysql 5.5.4
  • Oracle mysql 5.5.5
  • Oracle mysql 5.5.6
  • Oracle mysql 5.5.7
  • Oracle mysql 5.5.9
  • Oracle mysql 5.6.0
  • Oracle mysql 5.6.1
  • Oracle mysql 5.6.10
  • Oracle mysql 5.6.11
  • Oracle mysql 5.6.12
  • Oracle mysql 5.6.13
  • Oracle mysql 5.6.14
  • Oracle mysql 5.6.15
  • Oracle mysql 5.6.16
  • Oracle mysql 5.6.2
  • Oracle mysql 5.6.3
  • Oracle mysql 5.6.4
  • Oracle mysql 5.6.5
  • Oracle mysql 5.6.6
  • Oracle mysql 5.6.7
  • Oracle mysql 5.6.8
  • Oracle mysql 5.6.9
  • Redhat enterprise_linux 5
  • Redhat enterprise_linux 6.0
  • Redhat enterprise_linux_desktop 5.0
  • Redhat enterprise_linux_desktop 6.0
  • Redhat enterprise_linux_server 6.0
  • Redhat enterprise_linux_workstation 6.0

References

  • BugTraq: 65298
  • CVE: CVE-2014-0001

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.