Lucene search
SAINT CorporationSAINT:C2C6DE2A124B389C8392230C5913165FHistorySep 06, 2006 - 12:00 a.m.
MySQL MaxDB WebDBM database name buffer overflow
2006-09-0600:00:00
SAINT Corporation
www.saintcorporation.com
7
0.967 High
EPSS
Percentile
99.6%
Added: 09/06/2006
CVE: CVE-2006-4305
BID: 19660
OSVDB: 28300
Background
MaxDB is a SAP-certified open-source database developed by MySQL.
Problem
A buffer overflow in MaxDB allows remote attackers to execute arbitrary commands by sending a long database name from a WebDBM client.
Resolution
Upgrade to MaxDB 7.6.00.31 or higher.
References
<http://archives.neohapsis.com/archives/bugtraq/2006-08/0512.html>
Limitations
Exploit works with MaxDB 7.6.00.27.
Platforms
Windows
Related
openvas
openvas
Debian Security Advisory DSA 1190-1 (maxdb-7.5.00)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1190-1)
2008-01-17 00:00:00
saint
saint
MySQL MaxDB WebDBM database name buffer overflow
2006-09-06 00:00:00
MySQL MaxDB WebDBM database name buffer overflow
2006-09-06 00:00:00
MySQL MaxDB WebDBM database name buffer overflow
2006-09-06 00:00:00
osv
osv
maxdb-7.5.00
2006-10-04 00:00:00
debian
debian
nvd
nvd
CVE-2006-4305
2006-08-30 01:04:00
checkpoint_advisories
checkpoint_advisories
MySQL MaxDB WebDBM Server Buffer Overflow (CVE-2006-4305)
2009-11-10 00:00:00
nessus
nessus
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
2006-09-06 00:00:00
Debian DSA-1190-1 : maxdb-7.5.00 - buffer overflow
2006-10-25 00:00:00
ubuntucve
ubuntucve
CVE-2006-4305
2006-08-30 00:00:00
cvelist
cvelist
CVE-2006-4305
2006-08-30 01:00:00
cve
cve
CVE-2006-4305
2006-08-30 01:04:00
packetstorm
packetstorm
MaxDB WebDBM Database Parameter Overflow
2009-10-30 00:00:00
securityvulns
securityvulns
SYMSA-2006-009
2006-08-30 00:00:00