Vulnerability Note VU#602457
MySQL fails to properly validate COM_TABLE_DUMP packets
Overview
MySQL contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable server.
Description
MySQL and COM_TABLE_DUMP MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems. Command packets are sent to the MySQL server to issue instructions to that server. One such command packet type is COM_TABLE_DUMP, which the MySQL Internals Manual describes as:
MySQL fails to properly validate user-controlled parameters within COM_TABLE_DUMP packets. If an attacker sends a series of specially crafted COM_TABLE_DUMP packets to a vulnerable MySQL server, that attacker may be able to cause a buffer overflow. Considerations Some level of authentication is needed to exploit this vulnerability. Exploit code for this vulnerability is publicly available |
Impact
A remote, authenticated attacker may be able to execute arbitrary code on a MySQL server. |
Solution
Upgrade |
|
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| MySQL AB | Affected | - | 05 May 2006 |
| Red Hat, Inc. | Not Affected | - | 17 May 2006 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://secunia.com/advisories/19929/
- http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html
- http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
- http://downloads.mysql.com/docs/internals-en.pdf
Credit
This vulnerability was reported by Stefano Di Paola.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: CVE-2006-1518
- Date Public: 02 May 2006
- Date First Published: 05 May 2006
- Date Last Updated: 17 May 2006
- Severity Metric: 12.33
- Document Revision: 31
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.