MySQL MaxDB cons.exe command injection

2008-01-16T00:00:00
ID SAINT:4654549902C0B6E9D8BA36E482DBB6F4
Type saint
Reporter SAINT Corporation
Modified 2008-01-16T00:00:00

Description

Added: 01/16/2008
CVE: CVE-2008-0244
BID: 27206
OSVDB: 40210

Background

MaxDB is a SAP-certified open-source database developed by MySQL.

Problem

The MaxDB server handles the **exec_sdbinfo** command by invoking the **cons.exe** program through a **system** call without sufficiently checking the arguments for invalid characters. This allows a remote, unauthenticated attacker to inject arbitrary commands by putting special sequences such as **&&** in the arguments.
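The pattern described above, untrusted arguments concatenated into a command line that is handed to a shell via system(), is what makes sequences like && dangerous. The following is an added example, not code from MaxDB, MySQL or SAINT, showing the defensive alternative: allow-list the argument, and hand the helper an argv vector for a no-shell process API instead of a single command string. The helper name cons.exe comes from the advisory; every argument value and the function names are constructed for illustration.

```c
/* Added example (not MaxDB/SAINT code): validating a client-supplied
 * argument before spawning a helper, and building an argv vector for a
 * no-shell exec instead of a system() command line. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Returns 1 if arg is non-empty, at most 64 bytes, does not begin with '-'
 * (so it cannot be read as an option by the helper), and contains only
 * letters, digits, '_', '-' and '.'.  Shell operators such as "&&", "|",
 * ";" and quotes therefore never pass.  An allow-list is used rather than a
 * deny-list of metacharacters, because deny-lists are easy to leave
 * incomplete (different shells and locales add their own special cases). */
int arg_is_safe(const char *arg) {
    size_t n = strlen(arg);
    if (n == 0 || n > 64) return 0;
    if (arg[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.')) return 0;
    }
    return 1;
}

/* The vulnerable shape: untrusted text appended to a command line that a
 * shell would parse.  Only builds the string so the reader can see what the
 * shell would receive; it is never passed to system() here.
 * Returns 1 on success, 0 if the buffer is too small. */
int build_unsafe_cmdline(char *out, size_t outsz,
                         const char *helper, const char *arg) {
    int n = snprintf(out, outsz, "%s %s", helper, arg);
    return n >= 0 && (size_t)n < outsz;
}

/* The hardened shape: a NULL-terminated argv for an exec-style API (execve
 * on POSIX).  No shell parses the vector, so metacharacters would reach the
 * helper literally, and the allow-list rejects them before that anyway.
 * Returns the number of argv entries filled (excluding the NULL), or 0 when
 * the argument is rejected or the array is too small. */
int build_safe_argv(const char *argv[], int maxargs,
                    const char *helper, const char *arg) {
    if (maxargs < 3 || !arg_is_safe(arg)) return 0;
    argv[0] = helper;
    argv[1] = arg;
    argv[2] = NULL;
    return 2;
}

int main(void) {
    /* Constructed inputs: one benign, one carrying a shell operator. */
    const char *benign = "node1";
    const char *hostile = "x && echo injected";
    char cmd[256];
    const char *argv[3];

    if (build_unsafe_cmdline(cmd, sizeof cmd, "cons.exe", hostile))
        printf("shell would see: %s\n", cmd);

    printf("benign  -> argv entries: %d\n",
           build_safe_argv(argv, 3, "cons.exe", benign));
    printf("hostile -> argv entries: %d (0 means rejected)\n",
           build_safe_argv(argv, 3, "cons.exe", hostile));
    return 0;
}
```

On Windows, where cons.exe lives, CreateProcess takes a single command-line string rather than an argv vector, so the allow-list check is the load-bearing control there; the argv builder shows the POSIX-side equivalent. Either way the rule is the same: never let client input reach a shell parser, and reject anything outside the characters the helper genuinely needs.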

Resolution

Upgrade to a version of MaxDB higher than 7.6.00.37 when available.

References

<http://milw0rm.com/exploits/4877>

Limitations

Exploit works on MaxDB 7.6.0.37.