mysql50-server -- COM_TABLE_DUMP arbitrary code execution

ID A8D8713E-DC83-11DA-A22B-000C6EC775D9
Type freebsd
Reporter FreeBSD
Modified 2006-05-02T00:00:00


Stefano Di Paola reports:

An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. To take advantage of these flaws, an attacker should have direct access to the MySQL server communication layer (port 3306 or unix socket). But if used in conjunction with some web application flaws (i.e. php code injection) an attacker could use socket programming (i.e. php sockets) to gain access to that layer.