Threat Analysis Center
powered by BroadWeb Security Service Team

 MySQL MaxDB Webtool HTTP GET Remote Stack Overflow Vulnerability

Two buffer overflow vulnerabilities were found in MySQL MaxDB before 7.5.00.26. Remote exploitation of these vulnerabilities could allow attackers to execute arbitrary code.

 

An attacker can exploit these vulnerabilities by sending an HTTP GET request with a long file parameter after a percent ("%") sign, or a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
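
Both request shapes described above can be screened for by length before a request reaches the Webtool. The following is an added example, not BSST's signature logic and not MaxDB code; the 256-byte thresholds, the /webdav/ path and the db.example host are assumptions made for illustration.

```python
# Added example: length-based screening for the two request shapes the advisory names.
# Thresholds are assumptions chosen for illustration, not values from the advisory
# or from BSST signatures 1051893/1051894.
MAX_LOCK_TOKEN_LEN = 256      # assumed ceiling for a Lock-Token header value
MAX_AFTER_PERCENT_LEN = 256   # assumed ceiling for text following "%" in the target


def parse_request(raw: bytes):
    """Split a raw HTTP request into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def screen_request(raw: bytes):
    """Return a list of findings; an empty list means neither pattern was seen."""
    try:
        method, target, headers = parse_request(raw)
    except ValueError:
        return ["malformed request line"]
    findings = []
    if method == b"GET" and b"%" in target:
        # Longest run of bytes following any "%" in the request target.
        longest = max(len(seg) for seg in target.split(b"%")[1:])
        if longest > MAX_AFTER_PERCENT_LEN:
            findings.append(f"GET target has {longest} bytes after '%'")
    token = headers.get(b"lock-token", b"")
    if len(token) > MAX_LOCK_TOKEN_LEN:
        findings.append(f"Lock-Token header is {len(token)} bytes")
    return findings


# Constructed sample requests (not captured traffic).
BENIGN = b"GET /webdav/doc%20one.txt HTTP/1.1\r\nHost: db.example\r\nLock-Token: <opaquelocktoken:0001>\r\n\r\n"
LONG_TOKEN = b"GET /webdav/a HTTP/1.1\r\nHost: db.example\r\nLock-Token: <" + b"A" * 1000 + b">\r\n\r\n"
LONG_PARAM = b"GET /webdav/%" + b"A" * 1000 + b" HTTP/1.1\r\nHost: db.example\r\n\r\n"
```

A length check of this kind is a coarse screen for a proxy or log review; upgrading MaxDB to 7.5.00.26 or later removes the underlying flaw.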

 

BroadWeb Security Service Team (BSST) has released countermeasure signatures in signature version 2.88, which includes:

 

# 1051893_EXPLOIT MySQL MaxDB Webtool HTTP GET Remote Stack Overflow

# 1051894_EXPLOIT MySQL MaxDB Webtool HTTP GET Remote Stack Overflow - 2

 

NetKeeper users are urged to upgrade their signature patterns to version 2.88 or later in order to thwart these attacks.

 

(BSST, Broadweb Security Service Team)

 

CVE reference: CAN-2005-0684

 

