Search...

CVE-2001-1274

2001-01-23T00:00:00

ID CVE-2001-1274
Type cve
Reporter NVD
Modified 2016-10-17T22:14:23

Description

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

JSON Vulners Source

Initial Source

{"id": "CVE-2001-1274", "bulletinFamily": "NVD", "title": "CVE-2001-1274", "description": "Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.", "published": "2001-01-23T00:00:00", "modified": "2016-10-17T22:14:23", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1274", "reporter": "NVD", "references": ["http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.3", "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-014.php3", "http://www.debian.org/security/2001/dsa-013", "http://www.calderasystems.com/support/security/advisories/CSSA-2001-006.0.txt", "http://www.redhat.com/support/errata/RHSA-2001-003.html", "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000375", "http://marc.info/?l=bugtraq&m=98089552030459&w=2"], "cvelist": ["CVE-2001-1274"], "type": "cve", "lastseen": "2017-04-18T15:49:32", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:mysql:mysql:3.23.31"], "cvelist": ["CVE-2001-1274"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.", "edition": 1, "hash": "320da56e2a7fcf256f2e1dc43008ab41c9ce80dc7f4c7202d76c973eec1efa23", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "f4b41a8f634394f8e7d237f3bc20f3b6", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "caceae46914f3fb83835a968cee7ef20", "key": "description"}, {"hash": "b3a5f367cbbfd5c43bf51f4fe200909c", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "124609a42cf210e4e4501705805600e2", "key": "cvelist"}, {"hash": "5143ba889ee28e320d0215e37f8c9ae4", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "1e726683c8726400fd40471693ada3ba", "key": "cpe"}, {"hash": "68e37c4adf4c5ad04778db0f98432334", "key": "published"}, {"hash": "4ed8d1ca5add09d643cfbfaf0389d1c2", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1274", "id": "CVE-2001-1274", "lastseen": "2016-09-03T03:10:46", "modified": "2008-09-05T16:26:07", "objectVersion": "1.2", "published": "2001-01-23T00:00:00", "references": ["http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.3", "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-014.php3", "http://marc.theaimsgroup.com/?l=bugtraq&m=98089552030459&w=2", "http://www.debian.org/security/2001/dsa-013", "http://www.calderasystems.com/support/security/advisories/CSSA-2001-006.0.txt", "http://www.redhat.com/support/errata/RHSA-2001-003.html", "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000375"], "reporter": "NVD", "scanner": [], "title": "CVE-2001-1274", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T03:10:46"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "1e726683c8726400fd40471693ada3ba"}, {"key": "cvelist", "hash": "124609a42cf210e4e4501705805600e2"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "caceae46914f3fb83835a968cee7ef20"}, {"key": "href", "hash": "b3a5f367cbbfd5c43bf51f4fe200909c"}, {"key": "modified", "hash": "b8d232f7d689e557af303dd6a959c253"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "68e37c4adf4c5ad04778db0f98432334"}, {"key": "references", "hash": "6fa580ddf8ec226b45d2cd102440a8cc"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "5143ba889ee28e320d0215e37f8c9ae4"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "5d2c82902946e14b506fc2f7851bab3ae3d8d3f0270a20df7c0405df8b30d03e", "viewCount": 0, "objectVersion": "1.2", "cpe": ["cpe:/a:mysql:mysql:3.23.31"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"vulnersScore": 7.5}}

{"result": {"debian": [{"id": "DSA-013", "type": "debian", "title": "MySQL -- remote buffer overflow", "description": "Nicolas Gregoire has reported a buffer overflow in the mysql server that leads to a remote exploit. An attacker could gain mysqld privileges (and thus gaining access to all the databases). \n\nWe recommend you upgrade your mysql package immediately.", "published": "2001-01-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-013", "cvelist": ["CVE-2001-1274"], "lastseen": "2016-09-02T18:31:40"}], "exploitdb": [{"id": "EDB-ID:20581", "type": "exploitdb", "title": "Mysql 3.22.x/3.23.x - Local Buffer Overflow Vulnerability", "description": "Mysql 3.22.x/3.23.x Local Buffer Overflow Vulnerability. CVE-2001-1274. Local exploit for linux platform", "published": "2001-01-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/20581/", "cvelist": ["CVE-2001-1274"], "lastseen": "2016-02-02T14:34:04"}], "openvas": [{"id": "OPENVAS:53776", "type": "openvas", "title": "Debian Security Advisory DSA 013-1 (mysql)", "description": "The remote host is missing an update to mysql\nannounced via advisory DSA 013-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53776", "cvelist": ["CVE-2001-1274"], "lastseen": "2017-07-24T12:50:07"}], "nessus": [{"id": "MYSQL_3_23_31.NASL", "type": "nessus", "title": "MySQL < 3.23.31 Buffer Overflow", "description": "The version of MySQL installed on the remote host allows a remote attacker to exploit a buffer overflow and crash the server, or even execute arbitrary code.", "published": "2012-01-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17817", "cvelist": ["CVE-2001-1274"], "lastseen": "2018-05-18T04:44:00"}, {"id": "DEBIAN_DSA-013.NASL", "type": "nessus", "title": "Debian DSA-013 : MySQL - remote buffer overflow", "description": "Nicolas Gregoire has reported a buffer overflow in the mysql server that leads to a remote exploit. An attacker could gain mysqld privileges (and thus gaining access to all the databases).", "published": "2004-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14850", "cvelist": ["CVE-2001-1274"], "lastseen": "2017-10-29T13:42:52"}, {"id": "MANDRAKE_MDKSA-2001-014.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : MySQL (MDKSA-2001:014-1)", "description": "A security problem exists in all versions of MySQL after 3.23.2 and prior to 3.23.31. The problem is that the SHOW GRANTS command could be executed by any user making it possible for anyone with a MySQL account to get the crypted password from the mysql.user table. The new 3.23.31 version fixes this.\n\nDue to library changes, the previously announced PHP update (MDKSA-2001:013) has been updated as well so that the php-mysql module supports this new version of MySQL. It also corrects the upgrade scripts in the package, however you will still need to verify that PHP support is enabled in your /etc/httpd/conf/httpd.conf Apache configuration file and verify that the installed modules are uncommented in your /etc/php.ini file.\n\nUpdate :\n\nPrevious versions of MySQL also suffered from a buffer overflow problem that has been corrected in the recent releases. This update fixes the buffer overflow problem in the MySQL packages provided with Linux- Mandrake 7.1 and Corporate Server 1.0.1.", "published": "2012-09-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61888", "cvelist": ["CVE-2001-1275", "CVE-2001-1274"], "lastseen": "2017-10-29T13:40:15"}], "osvdb": [{"id": "OSVDB:9907", "type": "osvdb", "title": "MySQL select Command Remote Overflow", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.mysql.com/\nRedHat RHSA: RHSA-2001:003\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-01/0327.html\nISS X-Force ID: 5969\n[CVE-2001-1274](https://vulners.com/cve/CVE-2001-1274)\nBugtraq ID: 2262\n", "published": "2001-01-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:9907", "cvelist": ["CVE-2001-1274"], "lastseen": "2017-04-28T13:20:05"}]}}