cvelistv5 - CVE-2006-4305

CVE-2006-4305 (GCVE-0-2006-4305)

Vulnerability from cvelistv5

Published

2006-08-30 01:00

Modified

2024-08-07 19:06

Severity ?

CWE

Summary

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2006-4305

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.

Aliases

CVE-2006-4305

Aliases

CVE-2006-4305

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4305",
    "description": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.",
    "id": "GSD-2006-4305",
    "references": [
      "https://www.debian.org/security/2006/dsa-1190",
      "https://packetstormsecurity.com/files/cve/CVE-2006-4305"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4305"
      ],
      "details": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.",
      "id": "GSD-2006-4305",
      "modified": "2023-12-13T01:19:51.971029Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-4305",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "maxdb-webdbm-bo(28636)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
          },
          {
            "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt",
            "refsource": "MISC",
            "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
          },
          {
            "name": "DSA-1190",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1190"
          },
          {
            "name": "20060828 SYMSA-2006-009",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
          },
          {
            "name": "21677",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21677"
          },
          {
            "name": "22518",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22518"
          },
          {
            "name": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html",
            "refsource": "CONFIRM",
            "url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
          },
          {
            "name": "1016766",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016766"
          },
          {
            "name": "ADV-2006-3410",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3410"
          },
          {
            "name": "19660",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19660"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mysql:maxdb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.6.00.22",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap-db:sap-db:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4305"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
            },
            {
              "name": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
            },
            {
              "name": "19660",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/19660"
            },
            {
              "name": "21677",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21677"
            },
            {
              "name": "1016766",
              "refsource": "SECTRACK",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://securitytracker.com/id?1016766"
            },
            {
              "name": "DSA-1190",
              "refsource": "DEBIAN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1190"
            },
            {
              "name": "22518",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22518"
            },
            {
              "name": "ADV-2006-3410",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3410"
            },
            {
              "name": "maxdb-webdbm-bo(28636)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
            },
            {
              "name": "20060828 SYMSA-2006-009",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-17T21:34Z",
      "publishedDate": "2006-08-30T01:04Z"
    }
  }
}

ghsa-88j9-hr3g-c3jw

Vulnerability from github

Published

2022-05-01 07:17

Modified

2022-05-01 07:17

Details

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4305"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-08-30T01:04:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.",
  "id": "GHSA-88j9-hr3g-c3jw",
  "modified": "2022-05-01T07:17:24Z",
  "published": "2022-05-01T07:17:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4305"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
    },
    {
      "type": "WEB",
      "url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21677"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22518"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016766"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1190"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19660"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3410"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2006-4305

Vulnerability from fkie_nvd

Published

2006-08-30 01:04

Modified

2025-04-03 01:03

Severity ?

Summary

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.

References

URL	Tags
cve@mitre.org	http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html
cve@mitre.org	http://secunia.com/advisories/21677	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/22518	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016766	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2006/dsa-1190	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/444601/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19660	Patch
cve@mitre.org	http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3410
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28636
af854a3a-2127-422b-91ae-364da2661108	http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21677	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22518	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016766	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1190	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/444601/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19660	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3410
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28636

Impacted products

	Vendor	Product	Version
	mysql	maxdb	*
	sap-db	sap-db	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mysql:maxdb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DCF7C-841D-4A96-8ECF-8C6B2BA9F492",
              "versionEndIncluding": "7.6.00.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap-db:sap-db:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEFDCFFD-4BBD-429A-89E9-B690A4E28CA7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en SAP DB y MaxDB anterior a 7.6.00.30 permite a atacantes remotos  ejecutar c\u00f3digo arbitrario mediante un nombre de base de datos largo al conectar mediante el cliente WebDBM."
    }
  ],
  "id": "CVE-2006-4305",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-30T01:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21677"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22518"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1016766"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1190"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19660"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3410"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1016766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. SAP-DB and MaxDB are prone to a remote buffer-overflow vulnerability because these applications fail to perform sufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely crash the application, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               Symantec Vulnerability Research
               http://www.symantec.com/research
                    Security Advisory

Advisory ID: SYMSA-2006-09 Advisory Title: SAP-DB/MaxDB WebDBM remote buffer overflow Author: Oliver Karow / Oliver_Karow@symantec.com Release Date: 29-08-2006 Application: SAP-DB/MaxDB 7.6.00.22 - WebDBM Platform: Windows/Unix Severity: Remotely exploitable/Local System Access Vendor status: Verified by vendor / Resolved in 7.6.00.31 CVE Number: CVE-2006-4305 Reference: http://www.securityfocus.com/bid/19660

Overview:

 A connection from a WebDBM Client to the DBM Server causes a

buffer overflow when the given database name is too large. This can result in the execution of arbitrary code in the context of the database server.

Details: SAP-DB/MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, availability, scalability and a very comprehensive feature set. It is targeted for large mySAP Business Suite environments and other applications that require maximum enterprise-level database functionality and complements the MySQL database server.

 A remotely exploitable vulnerability exists in MaxDB's WebDBM. Authentication is not required

for successful exploitation to occur.

Vendor Response:

The above vulnerability has been fixed in the latest release of the product, MaxDB 7.6.00.31.

Licensed and evaluation versions of MaxDB are available for download in the download section of www.mysql.com/maxdb: http://dev.mysql.com/downloads/maxdb/7.6.00.html.

If there are any further questions about this statement, please contact mysql-MaxDB support.

Please note that SAP customers receive their downloads via the SAP Service Marketplace www.service.sap.com and must not use downloads from the addresses above for their SAP solutions.

Recommendation:

The vendor has released MaxDB 7.6.00.31 to address

this issue. Users should contact the vendor to obtain the appropriate upgrade.

As a temporary workaround the SAP-DB WWW Service should either be disabled or have access to it restricted using appropriate network or client based access controls.

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

CVE-2006-4305

-------Symantec Consulting Services Advisory Information-------

For questions about this advisory, or to report an error: cs_advisories@symantec.com

For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf

Consulting Services Advisory Archive: http://www.symantec.com/research/

Consulting Services Advisory GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc

-------------Symantec Product Advisory Information-------------

To Report a Security Vulnerability in a Symantec Product: secure@symantec.com

For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/

Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html

Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

Copyright (c) 2006 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from cs_advisories@symantec.com.

Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE8u4huk7IIFI45IARAlJoAKCqrvNsyLPPWm5Dnor9VtePm+I7zACfVqf5 gKP3gDsY1sr7ioo8+maNHFA= =vuXL -----END PGP SIGNATURE----- .

Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: MaxDB WebDBM Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA21677

VERIFY ADVISORY: http://secunia.com/advisories/21677/

CRITICAL: Moderately critical

IMPACT: System access

WHERE:

From local network

SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/

DESCRIPTION: Oliver Karow has reported a vulnerability in MaxDB, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in WebDBM when processing database names.

The vulnerability has been reported in version 7.6.00.22. Other versions may also be affected.

SOLUTION: Update to version 7.6.00.31 or later. http://dev.mysql.com/downloads/maxdb/7.6.00.html

PROVIDED AND/OR DISCOVERED BY: Oliver Karow, Symantec.

ORIGINAL ADVISORY: Symantec: http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information: SA21677

SOLUTION: Apply updated packages.

-- Debian GNU/Linux 3.1 alias sarge --

Source archives:

http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc Size/MD5 checksum: 1141 2747ee99a22fd9b6ba0ee9229cf23956 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz Size/MD5 checksum: 102502 b00c857a9956eed998e17a155d692d8b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz Size/MD5 checksum: 16135296 4d581530145c30a46ef7a434573f3beb

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 681616 b4bf816d096fc5cf147e530979de8c2a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 835926 0c6f2a9e4d8c945937afd044e15ff688 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 602828 f1ff9957fd7713422f589e2b5ce878e1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 110542 d1b0ad84bba2fbf2e1fc66870d217c1a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb Size/MD5 checksum: 879638 6c14c3e14f8a3d311b753da8059e8718 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1002292 249bf89f7f2b342fc23bb230c87ce0d2 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1924254 fedf03c8551d3c89fdcf9bd381ce25a9 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1861026 7cd7e22627438e425fc014d5c0689882 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2815606 12eca89b6c94a93f0805a3be61f053f5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 11762902 9543cd40e9dd2bd31668dc34bdde714b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 5454626 1a9e3e48fe5e5d0088e896ca1e2c535a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 125258 cbc85c2295d40664794d8dea7fdefe36 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2469898 7cf201e9a125267ab012196a6515b4bd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 57530 cc1d8ba42c0213d233ecb07855733fab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 52896 2623c86e1e8c104a7b6e534283f92d88 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388490 dc2719125122fc8c9d74cf621db8a159 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195236 edff932c86a91803ac12fa12afdffe80 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388500 7e4f4d52029cffb09b4dec330be23f9f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195262 579c30388c18177e6a59fdb5b7a228ce

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 724428 7f3da03ea2e15ec1906a17a844a8de71 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 884322 f87be31d0c3ccc25826a8adbb90c0fd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 662674 b768894d4d0613c7a78561ec3c63a736 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 113500 0762412421cc8bba7920cd3e5c7ba912 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb Size/MD5 checksum: 959610 05077a4995b6f30736dd031f650fc8bb http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 1151380 f5952dd48f3c289d59c59869a7910675 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb Size/MD5 checksum: 2074392 198c3e94e284f312acb8a60680fb3dac http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb Size/MD5 checksum: 1998244 e85b595329b9d3ee86abca690ae8205f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb Size/MD5 checksum: 3087456 3ba8dc9c84e7e0d65e07b8d1f469adcd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 13245168 5bcd0e38d550518e611a510d338a3bd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 6269766 b747c1d1155a6512266a1ce3e52a6ce1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 132864 f0c46a30fd72b4a29e93b9b75042c6a8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb Size/MD5 checksum: 2619482 9b66168b5b70efbd69c16a06e2de734d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 57534 7d4cb5ef1fa3bf65d79b590023cdc1db http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 52902 61f35976dd90a9e461dfceea5430fa1e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411124 79212c1b66ae516b5404f4d1bb314dc6 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204636 ae693e5ef1041afef92f11fa81314dfe http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411094 3974583dbdfb586097274e4aaddf376b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204620 c2f00a1d54744ed51c547e681595f537

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 928300 8f9b50424dae7723c38aac9e0c9a52ab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1057976 d1127e1ab07ac2a3bc485f040fb0339c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 911096 4b2d26b87f9e8abe2a8cabb5f5a3dc38 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 125196 c590b2aeb6e773afc78b234880679d0b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1157550 bc505370fe0b635ed20241dcec297922 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1457434 239d74377e81b0d4cceed7e1c99553a5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2340496 2f32566da56fcaed5a889f29b2df2ae1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2253224 b49a58cd8ad452633f57c0d4c2bb7ccc http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb Size/MD5 checksum: 4126188 db0b224332c029575c85ec3b4af7055f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 16985506 7634c5b20bbed0b559c5a30a70abcff1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 8270364 76ac234b9524ec827443e44270b10a7d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 172092 c89208be8d296c2a188b52b60e42ff1c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb Size/MD5 checksum: 3018916 de87cf29f90c5b6e08698411c6ee6366 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 57530 67e6ce8dfb5282aed0aaf8c0d2e3dfba http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 52898 00f142490fbc22408ef5347abf228baa http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 512998 f38b9df396ef132650ddbd151780f5ce http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 d014a66017bbabc285f0bb42df85a71e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 513000 244752450b149746ec25fbbb67037d9e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 06b34ba0ab20719baf4c44a828de0436

-- Debian GNU/Linux unstable alias sid --

Reportedly, the problem will be fixed soon

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200608-0332",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "maxdb",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mysql",
        "version": "7.6.00.22"
      },
      {
        "model": "sap-db",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap db",
        "version": "*"
      },
      {
        "model": "maxdb",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "mysql ab",
        "version": "7.6.00.30"
      },
      {
        "model": "sap-db",
        "scope": null,
        "trust": 0.8,
        "vendor": "sap db",
        "version": null
      },
      {
        "model": "maxdb",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mysql",
        "version": "7.6.00.22"
      },
      {
        "model": "db sap db",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "0"
      },
      {
        "model": "ab maxdb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mysql",
        "version": "7.6.00.22"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "ab maxdb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mysql",
        "version": "7.6.00.31"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "19660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-466"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4305"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:mysql:maxdb",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sap-db:sap-db",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oliver Karow from Symantec is credited with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "19660"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4305",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-4305",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-4305",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-4305",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200608-466",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-466"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4305"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. SAP-DB and MaxDB are prone to a remote buffer-overflow vulnerability because these applications fail to perform sufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely crash the application, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\n                   Symantec Vulnerability Research\n                   http://www.symantec.com/research\n                        Security Advisory\n\n   Advisory ID: SYMSA-2006-09\n   Advisory Title: SAP-DB/MaxDB WebDBM remote buffer overflow\n   Author: Oliver Karow / Oliver_Karow@symantec.com\n   Release Date: 29-08-2006\n   Application: SAP-DB/MaxDB 7.6.00.22 - WebDBM\n   Platform: Windows/Unix\n   Severity: Remotely exploitable/Local System Access\n   Vendor status: Verified by vendor / Resolved in 7.6.00.31\n   CVE Number: CVE-2006-4305\n   Reference: http://www.securityfocus.com/bid/19660\n\n\nOverview: \n\n     A connection from a WebDBM Client to the DBM Server causes a \nbuffer overflow when the given database name is too large. This \ncan result in the execution of arbitrary code in the context of \nthe database server. \n\n\nDetails: \n     SAP-DB/MaxDB is a heavy-duty, SAP-certified open source \ndatabase for OLTP and OLAP usage which offers high reliability, \navailability, scalability and a very comprehensive feature set. \nIt is targeted for large mySAP Business Suite environments \nand other applications that require maximum enterprise-level \ndatabase functionality and complements the MySQL database server. \n\n     A remotely exploitable vulnerability exists in MaxDB\u0027s WebDBM. Authentication is not required \nfor successful exploitation to occur. \n\t\n\nVendor Response:\n\nThe above vulnerability has been fixed in the latest release of \nthe product, MaxDB 7.6.00.31. \n\nLicensed and evaluation versions of MaxDB are available for \ndownload in the download section of www.mysql.com/maxdb:\nhttp://dev.mysql.com/downloads/maxdb/7.6.00.html. \n\nIf there are any further questions about this statement, please\ncontact mysql-MaxDB support. \n\nPlease note that SAP customers receive their downloads via the \nSAP Service Marketplace www.service.sap.com and must not use \ndownloads from the addresses above for their SAP solutions. \n\nRecommendation:\n\n\tThe vendor has released MaxDB 7.6.00.31 to address \nthis issue. Users should contact the vendor to obtain the \nappropriate upgrade. \n\nAs a temporary workaround the SAP-DB WWW Service should either \nbe disabled or have access to it restricted using appropriate \nnetwork or client based access controls. \n\n\nCommon Vulnerabilities and Exposures (CVE) Information:\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \nthe following names to these issues.  These are candidates for \ninclusion in the CVE list (http://cve.mitre.org), which standardizes \nnames for security problems. \n\n\n  CVE-2006-4305\n\n- -------Symantec Consulting Services Advisory Information-------\n\nFor questions about this advisory, or to report an error:\ncs_advisories@symantec.com\n\nFor details on Symantec\u0027s Vulnerability Reporting Policy: \nhttp://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf\n\nConsulting Services Advisory Archive: \nhttp://www.symantec.com/research/  \n\nConsulting Services Advisory GPG Key:\nhttp://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc\n\n- -------------Symantec Product Advisory Information-------------\n\nTo Report a Security Vulnerability in a Symantec Product:\nsecure@symantec.com \n\nFor general information on Symantec\u0027s Product Vulnerability \nreporting and response:\nhttp://www.symantec.com/security/\n\nSymantec Product Advisory Archive: \nhttp://www.symantec.com/avcenter/security/SymantecAdvisories.html\n\nSymantec Product Advisory PGP Key:\nhttp://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc\n\n- ---------------------------------------------------------------\n\nCopyright (c) 2006 by Symantec Corp. \nPermission to redistribute this alert electronically is granted \nas long as it is not edited in any way unless authorized by \nSymantec Consulting Services. Reprinting the whole or part of \nthis alert in any medium other than electronically requires \npermission from cs_advisories@symantec.com. \n\nDisclaimer\nThe information in the advisory is believed to be accurate at the \ntime of publishing based on currently available information. Use \nof the information constitutes acceptance for use in an AS IS \ncondition. There are no warranties with regard to this information. \nNeither the author nor the publisher accepts any liability for any \ndirect, indirect, or consequential loss or damage arising from use \nof, or reliance on, this information. \n\nSymantec, Symantec products, and Symantec Consulting Services are \nregistered trademarks of Symantec Corp. and/or affiliated companies \nin the United States and other countries. All other registered and \nunregistered trademarks represented in this document are the sole \nproperty of their respective companies/owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFE8u4huk7IIFI45IARAlJoAKCqrvNsyLPPWm5Dnor9VtePm+I7zACfVqf5\ngKP3gDsY1sr7ioo8+maNHFA=\n=vuXL\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nMaxDB WebDBM Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA21677\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21677/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nMaxDB 7.x\nhttp://secunia.com/product/4012/\n\nDESCRIPTION:\nOliver Karow has reported a vulnerability in MaxDB, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error in WebDBM when\nprocessing database names. \n\nThe vulnerability has been reported in version 7.6.00.22. Other\nversions may also be affected. \n\nSOLUTION:\nUpdate to version 7.6.00.31 or later. \nhttp://dev.mysql.com/downloads/maxdb/7.6.00.html\n\nPROVIDED AND/OR DISCOVERED BY:\nOliver Karow, Symantec. \n\nORIGINAL ADVISORY:\nSymantec:\nhttp://www.symantec.com/enterprise/research/SYMSA-2006-009.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes a\nvulnerability, which can be exploited by malicious people to\ncompromise a vulnerable system. \n\nFor more information:\nSA21677\n\nSOLUTION:\nApply updated packages. \n\n-- Debian GNU/Linux 3.1 alias sarge --\n\nSource archives:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc\nSize/MD5 checksum: 1141 2747ee99a22fd9b6ba0ee9229cf23956\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz\nSize/MD5 checksum: 102502 b00c857a9956eed998e17a155d692d8b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz\nSize/MD5 checksum: 16135296 4d581530145c30a46ef7a434573f3beb\n\nAMD64 architecture:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 681616 b4bf816d096fc5cf147e530979de8c2a\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 835926 0c6f2a9e4d8c945937afd044e15ff688\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 602828 f1ff9957fd7713422f589e2b5ce878e1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 110542 d1b0ad84bba2fbf2e1fc66870d217c1a\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 879638 6c14c3e14f8a3d311b753da8059e8718\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 1002292 249bf89f7f2b342fc23bb230c87ce0d2\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 1924254 fedf03c8551d3c89fdcf9bd381ce25a9\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 1861026 7cd7e22627438e425fc014d5c0689882\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 2815606 12eca89b6c94a93f0805a3be61f053f5\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 11762902 9543cd40e9dd2bd31668dc34bdde714b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 5454626 1a9e3e48fe5e5d0088e896ca1e2c535a\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 125258 cbc85c2295d40664794d8dea7fdefe36\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 2469898 7cf201e9a125267ab012196a6515b4bd\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 57530 cc1d8ba42c0213d233ecb07855733fab\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 52896 2623c86e1e8c104a7b6e534283f92d88\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 388490 dc2719125122fc8c9d74cf621db8a159\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 195236 edff932c86a91803ac12fa12afdffe80\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 388500 7e4f4d52029cffb09b4dec330be23f9f\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 195262 579c30388c18177e6a59fdb5b7a228ce\n\nIntel IA-32 architecture:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 724428 7f3da03ea2e15ec1906a17a844a8de71\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 884322 f87be31d0c3ccc25826a8adbb90c0fd8\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 662674 b768894d4d0613c7a78561ec3c63a736\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 113500 0762412421cc8bba7920cd3e5c7ba912\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 959610 05077a4995b6f30736dd031f650fc8bb\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 1151380 f5952dd48f3c289d59c59869a7910675\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 2074392 198c3e94e284f312acb8a60680fb3dac\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 1998244 e85b595329b9d3ee86abca690ae8205f\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 3087456 3ba8dc9c84e7e0d65e07b8d1f469adcd\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 13245168 5bcd0e38d550518e611a510d338a3bd8\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 6269766 b747c1d1155a6512266a1ce3e52a6ce1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 132864 f0c46a30fd72b4a29e93b9b75042c6a8\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 2619482 9b66168b5b70efbd69c16a06e2de734d\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 57534 7d4cb5ef1fa3bf65d79b590023cdc1db\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 52902 61f35976dd90a9e461dfceea5430fa1e\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 411124 79212c1b66ae516b5404f4d1bb314dc6\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 204636 ae693e5ef1041afef92f11fa81314dfe\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 411094 3974583dbdfb586097274e4aaddf376b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 204620 c2f00a1d54744ed51c547e681595f537\n\nIntel IA-64 architecture:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 928300 8f9b50424dae7723c38aac9e0c9a52ab\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 1057976 d1127e1ab07ac2a3bc485f040fb0339c\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 911096 4b2d26b87f9e8abe2a8cabb5f5a3dc38\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 125196 c590b2aeb6e773afc78b234880679d0b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 1157550 bc505370fe0b635ed20241dcec297922\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 1457434 239d74377e81b0d4cceed7e1c99553a5\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 2340496 2f32566da56fcaed5a889f29b2df2ae1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 2253224 b49a58cd8ad452633f57c0d4c2bb7ccc\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 4126188 db0b224332c029575c85ec3b4af7055f\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 16985506 7634c5b20bbed0b559c5a30a70abcff1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 8270364 76ac234b9524ec827443e44270b10a7d\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 172092 c89208be8d296c2a188b52b60e42ff1c\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 3018916 de87cf29f90c5b6e08698411c6ee6366\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 57530 67e6ce8dfb5282aed0aaf8c0d2e3dfba\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 52898 00f142490fbc22408ef5347abf228baa\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 512998 f38b9df396ef132650ddbd151780f5ce\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 247500 d014a66017bbabc285f0bb42df85a71e\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 513000 244752450b149746ec25fbbb67037d9e\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 247500 06b34ba0ab20719baf4c44a828de0436\n\n-- Debian GNU/Linux unstable alias sid --\n\nReportedly, the problem will be fixed soon",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      },
      {
        "db": "BID",
        "id": "19660"
      },
      {
        "db": "PACKETSTORM",
        "id": "49541"
      },
      {
        "db": "PACKETSTORM",
        "id": "49583"
      },
      {
        "db": "PACKETSTORM",
        "id": "51237"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-4305",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "19660",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "21677",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "22518",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016766",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3410",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "28636",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-1190",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060828 SYMSA-2006-009",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-466",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "49541",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "49583",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51237",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "19660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      },
      {
        "db": "PACKETSTORM",
        "id": "49541"
      },
      {
        "db": "PACKETSTORM",
        "id": "49583"
      },
      {
        "db": "PACKETSTORM",
        "id": "51237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-466"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4305"
      }
    ]
  },
  "id": "VAR-200608-0332",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1359447
  },
  "last_update_date": "2024-11-23T22:24:24.171000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MaxDB",
        "trust": 0.8,
        "url": "http://www.mysql.com/sap/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.sapdb.org/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4305"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19660"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2006/dsa-1190"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1016766"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/22518"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/21677"
      },
      {
        "trust": 1.6,
        "url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.symantec.com/enterprise/research/symsa-2006-009.txt"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3410"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4305"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4305"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/444601/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3410"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/28636"
      },
      {
        "trust": 0.4,
        "url": "http://dev.mysql.com/downloads/maxdb/7.6.00.html."
      },
      {
        "trust": 0.3,
        "url": "http://www.mysql.com/products/maxdb/"
      },
      {
        "trust": 0.3,
        "url": "http://www.mysql.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.sapdb.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/21677/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://www.mysql.com/maxdb:"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research/symantec-responsible-disclosure.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research/"
      },
      {
        "trust": 0.1,
        "url": "https://www.service.sap.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/avcenter/security/symantecadvisories.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security/symantec-vulnerability-management-key.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4305"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research/symantec_vulnerability_research_gpg.asc"
      },
      {
        "trust": 0.1,
        "url": "http://dev.mysql.com/downloads/maxdb/7.6.00.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4012/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/quality_assurance_analyst/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/web_application_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5307/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.us.debian.org/security/2006/dsa-1190"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/530/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22518/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "19660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      },
      {
        "db": "PACKETSTORM",
        "id": "49541"
      },
      {
        "db": "PACKETSTORM",
        "id": "49583"
      },
      {
        "db": "PACKETSTORM",
        "id": "51237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-466"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4305"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "19660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      },
      {
        "db": "PACKETSTORM",
        "id": "49541"
      },
      {
        "db": "PACKETSTORM",
        "id": "49583"
      },
      {
        "db": "PACKETSTORM",
        "id": "51237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-466"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4305"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-08-29T00:00:00",
        "db": "BID",
        "id": "19660"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      },
      {
        "date": "2006-08-29T16:57:14",
        "db": "PACKETSTORM",
        "id": "49541"
      },
      {
        "date": "2006-08-30T20:08:37",
        "db": "PACKETSTORM",
        "id": "49583"
      },
      {
        "date": "2006-10-23T18:08:13",
        "db": "PACKETSTORM",
        "id": "51237"
      },
      {
        "date": "2006-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200608-466"
      },
      {
        "date": "2006-08-30T01:04:00",
        "db": "NVD",
        "id": "CVE-2006-4305"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-10-04T23:15:00",
        "db": "BID",
        "id": "19660"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      },
      {
        "date": "2007-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200608-466"
      },
      {
        "date": "2024-11-21T00:15:37.813000",
        "db": "NVD",
        "id": "CVE-2006-4305"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-466"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP DB Buffer overflow vulnerability in products such as",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001994"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-466"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-4305 (GCVE-0-2006-4305)

Vulnerability from cvelistv5

gsd-2006-4305

Vulnerability from gsd

ghsa-88j9-hr3g-c3jw

Vulnerability from github

fkie_cve-2006-4305

Vulnerability from fkie_nvd

var-200608-0332

Vulnerability from variot

Tags

Sightings

Nomenclature