ID CVE-2003-1331
Summary Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
References
Vulnerable Configurations
  • MySQL MySQL 4.0.9 gamma
    cpe:2.3:a:mysql:mysql:4.0.9:gamma
CVSS
Base: 4.0 (as of 01-08-2007 - 10:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
nessus via4
NASL family Databases
NASL id MYSQL_4_0_14.NASL
description The version of MySQL installed on the remote host is older than 4.0.14. The client library (libmysqlclient) is thus reportedly affected by a buffer overflow. A local attacker could execute arbitrary code through a long socket name. Note that RedHat does not consider that this flaw is a security issue.
last seen 2019-02-21
modified 2018-11-15
plugin id 17822
published 2012-01-18
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=17822
title MySQL < 4.0.14 libmysqlclient Buffer Overflow
refmap via4
bid 7887
confirm http://bugs.mysql.com/bug.php?id=564
fulldisc 20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow.
xf mysql-mysqlrealconnect-bo(12337)
statements via4
contributor Joshua Bressers
lastmodified 2007-06-29
organization Red Hat
statement Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. The user must voluntarily interact with the attack mechanism to exploit this flaw, with the result being the ability to run code as themselves.
Last major update 05-09-2008 - 16:36
Published 31-12-2003 - 00:00
Last modified 28-07-2017 - 21:29
Back to Top