MySQL is a popular open source database package. It contains a buffer overflow in the code that processes drop database commands.
The MySQL server, mysqld, contains a buffer overflow in the code used to process drop database requests. By carefully crafting a MySQL drop database request, such as through the mysql client, an intruder may be able to execute arbitrary code with the privileges of the MySQL server. If a MySQL database is available over the internet (e.g. through mysqld or through a web page), a remote intruder may be able to exploit this vulnerability.
See also VU#123384.
Attackers able to authenticate to a MySQL database may be able to execute code with the privileges of the mysql server.
Upgrade to MySQL version 3.23.33 or later.
Vendor| Status| Date Notified| Date Updated
MySQL| | -| 17 Feb 2001
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Our thanks to Joao Gouveia who discovered this vulnerability and posted it to the securityfocus.com BugTraq mailing list on February 9, 2001.
This document was written by Shawn V. Hernan.