MySQL contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable server.
MySQL and COM_TABLE_DUMP
MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems. Command packets are sent to the MySQL server to issue instructions to that server. One such command packet type is COM_TABLE_DUMP, which the MySQL Internals Manual describes as:
A remote, authenticated attacker may be able to execute arbitrary code on a MySQL server.
This vulnerability was reported by Stefano Di Paola.
This document was written by Jeff Gennari.
Date First Published: 2006-05-05
Date Last Updated: 2006-05-17 12:24 UTC