| VID |
25036 |
| Severity |
40 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
According to its version number, the MySQL Server has a buffer overflow vulnerability in the mysql_real_connect function. MySQL versions 4.0.20 and earlier could allow a remote attacker to execute arbitrary code because the 'mysql_real_connect' function performs insufficient boundary checks: it does not verify the length of the IP address returned through a DNS response from a server. A remote attacker in control of a DNS server can supply a malicious address in response to a reverse DNS hostname lookup to overflow a buffer and possibly execute arbitrary code on the affected host.
* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so this might be a false positive. Reportedly, this vulnerability cannot be exploited on Linux and OpenBSD platforms.
* References: http://bugs.mysql.com/bug.php?id=4017 http://secunia.com/advisories/12305/
* Platforms Affected: MySQL 4.0.20 and earlier; any operating system, any version (except for Linux and OpenBSD platforms) |
| Recommendation |
Upgrade to the latest version of MySQL (4.0.21 or later), available from the MySQL web site at http://dev.mysql.com/downloads/mysql/4.0.html |
| Related URL |
CVE-2004-0836 (CVE) |
| Related URL |
10981 (SecurityFocus) |
| Related URL |
17047 (ISS) |
|