VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-86
MySQL MaxDB WebDBM Database Name Handling Remote Buffer Overflow Vulnerability

Original Issue Date: September 02, 2006

Severity Rating: High

Systems Affected

MySQL MaxDB versions prior to 7.6.00.31

Overview

A vulnerability has been reported in MySQL server which could be exploited by a remote attacker to execute arbitrary SQL commands.

Description

A buffer overflow vulnerability has been reported in MySQL MaxDB, caused by an error in WebDBM when handling HTTP requests containing long database names. Remote attackers could exploit it to execute arbitrary commands with "wahttp" privileges.

Solution

Upgrade to the latest version
http://dev.mysql.com/downloads/maxdb/7.6.00.html

Vendor Information

MySQL
http://dev.mysql.com

References

FrSIRT
http://www.frsirt.com/english/advisories/2006/3410

Secunia
http://secunia.com/advisories/21677

CVE Name
CVE-2006-4305

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003