MySQL MaxDB cons.exe command injection

Added: 01/16/2008
CVE: CVE-2008-0244
BID: 27206
OSVDB: 40210

Background

MaxDB is a SAP-certified open-source database developed by MySQL.

Problem

The MaxDB server handles the exec_sdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for invalid characters. This allows a remote, unauthenticated attacker to inject arbitrary commands by putting special sequences such as && in the arguments.

Resolution

Upgrade to a version of MaxDB higher than 7.6.00.37 when available.

References

http://milw0rm.com/exploits/4877

Limitations

Exploit works on MaxDB 7.6.0.37.
Back to exploit index