ID CVE-2006-4305
Summary Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
References
Vulnerable Configurations
  • cpe:2.3:a:mysql:maxdb:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.08:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.5.00.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:maxdb:7.6.00.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap-db:sap-db:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 17-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 19660
bugtraq 20060828 SYMSA-2006-009
confirm http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html
debian DSA-1190
misc http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt
sectrack 1016766
secunia
  • 21677
  • 22518
vupen ADV-2006-3410
xf maxdb-webdbm-bo(28636)
saint via4
bid 19660
description MySQL MaxDB WebDBM database name buffer overflow
id web_tool_maxdbver
osvdb 28300
title maxdb_webdbm_database_name
type remote
Last major update 17-10-2018 - 21:34
Published 30-08-2006 - 01:04
Last modified 17-10-2018 - 21:34