Vulnerability Note VU#602457
MySQL fails to properly validate COM_TABLE_DUMP packets
MySQL contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable server.
MySQL and COM_TABLE_DUMP
MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems. Command packets are sent to the MySQL server to issue instructions to that server. One such command packet type is COM_TABLE_DUMP, which the MySQL Internals Manual describes as:
MySQL fails to properly validate user-controlled parameters within COM_TABLE_DUMP packets. If an attacker sends a series of specially crafted COM_TABLE_DUMP packets to a vulnerable MySQL server, that attacker may be able to cause a buffer overflow.
Some level of authentication is needed to exploit this vulnerability. Exploit code for this vulnerability is publicly available
A remote, authenticated attacker may be able to execute arbitrary code on a MySQL server.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|MySQL AB||Affected||-||05 May 2006|
|Red Hat, Inc.||Not Affected||-||17 May 2006|
CVSS Metrics (Learn More)
This vulnerability was reported by Stefano Di Paola.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-1518
- Date Public: 02 May 2006
- Date First Published: 05 May 2006
- Date Last Updated: 17 May 2006
- Severity Metric: 12.33
- Document Revision: 31
If you have feedback, comments, or additional information about this vulnerability, please send us email.