mysql50-server -- COM_TABLE_DUMP arbitrary code execution

2006-05-02T00:00:00
ID A8D8713E-DC83-11DA-A22B-000C6EC775D9
Type freebsd
Reporter FreeBSD
Modified 2006-05-02T00:00:00

Description

Stefano Di Paola reports:

An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. To take advantage of these flaws an attacker should have direct access to MySQL server communication layer (port 3306 or unix socket). But if used in conjuction with some web application flaws (i.e. php code injection) an attacker could use socket programming (i.e. php sockets) to gain access to that layer.