MySQL MaxDB WebDBM database name buffer overflow

Added: 09/06/2006
CVE: CVE-2006-4305
BID: 19660
OSVDB: 28300

Background

MaxDB is a SAP-certified open-source database developed by MySQL.

Problem

A buffer overflow in MaxDB allows remote attackers to execute arbitrary commands by sending a long database name from a WebDBM client.

Resolution

Upgrade to MaxDB 7.6.00.31 or higher.

References

http://archives.neohapsis.com/archives/bugtraq/2006-08/0512.html

Limitations

Exploit works with MaxDB 7.6.00.27.

Platforms

Windows

Back to exploit index