var-200412-1126
Vulnerability from variot
MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function. A remotely exploitable denial of service vulnerability exists in MaxDB. This will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. This issue was reportedly tested on Windows and Linux versions. Other versions could also be affected. MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability
iDEFENSE Security Advisory 10.06.04a: www.idefense.com/application/poi/display?id=150&type=vulnerabilities October 6, 2004
I. BACKGROUND
MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. MaxDB is a heavy-duty, SAP-certified open source database that offers high availability, scalability and a comprehensive feature set. MaxDB complements the MySQL database server, targeted for large mySAP ERP environments and other applications that require maximum enterprise-level database functionality.
II.
The problem specifically exists due to improper input validation of a user-supplied variable in the IsAscii7() function.
wahttp:
ToolsCommon/Tools_DynamicUTF8String.hpp:249:
Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *)
Assertion `IsAscii7(src)' failed.
Program received signal SIGABRT, Aborted.
[Switching to Thread 10251 (LWP 12706)]
0x40429781 in kill () from /lib/libc.so.6
III.
IV. DETECTION
iDEFENSE has confirmed that SAP DB version 7.5 for both Linux and Windows is vulnerable.
V. WORKAROUND
Use of an ingress perimeter firewall filter can help detect and mitigate the risk of attack.
VI. VENDOR RESPONSE
"A solution for the issue is available with MaxDB 7.5.00.18."
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the names CAN-2004-0931 to these issues. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
08/16/2004 Initial vendor notification 08/16/2004 iDEFENSE clients notified 08/19/2004 Initial vendor response 10/06/2004 Coordinated public disclosure
IX. CREDIT
Patrik Karlsson (cqure.net) is credited with this discovery.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
X. LEGAL NOTICES
Copyright (c) 2004 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.16"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.15"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.14"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.12"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.11"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.08"
},
{
"model": "db",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.5"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.16"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.15"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.14"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.12"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.11"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.08"
},
{
"model": "ab maxdb",
"scope": "ne",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.18"
}
],
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to Patrik Karlsson.",
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.9
},
"cve": "CVE-2004-0931",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0931",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0931",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-644",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function. A remotely exploitable denial of service vulnerability exists in MaxDB. \nThis will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. \nThis issue was reportedly tested on Windows and Linux versions. Other versions could also be affected. MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability\n\niDEFENSE Security Advisory 10.06.04a:\nwww.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\nOctober 6, 2004\n\nI. BACKGROUND\n\nMaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG\u0027s\nopen source database. MaxDB is a heavy-duty, SAP-certified open source\ndatabase that offers high availability, scalability and a comprehensive\nfeature set. MaxDB complements the MySQL database server, targeted for\nlarge mySAP ERP environments and other applications that require maximum\nenterprise-level database functionality. \n\nII. \n\nThe problem specifically exists due to improper input validation of a\nuser-supplied variable in the IsAscii7() function. \n\n wahttp:\n ToolsCommon/Tools_DynamicUTF8String.hpp:249:\n Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *)\n Assertion `IsAscii7(src)\u0027 failed. \n\n Program received signal SIGABRT, Aborted. \n [Switching to Thread 10251 (LWP 12706)]\n 0x40429781 in kill () from /lib/libc.so.6\n\nIII. \n\nIV. DETECTION\n\niDEFENSE has confirmed that SAP DB version 7.5 for both Linux and\nWindows is vulnerable. \n\nV. WORKAROUND\n\nUse of an ingress perimeter firewall filter can help detect and mitigate\nthe risk of attack. \n\nVI. VENDOR RESPONSE\n\n\"A solution for the issue is available with MaxDB 7.5.00.18.\"\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nnames CAN-2004-0931 to these issues. This is a candidate for inclusion\nin the CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n08/16/2004 Initial vendor notification\n08/16/2004 iDEFENSE clients notified\n08/19/2004 Initial vendor response\n10/06/2004 Coordinated public disclosure\n\nIX. CREDIT\n\nPatrik Karlsson (cqure.net) is credited with this discovery. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nX. LEGAL NOTICES\n\nCopyright (c) 2004 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.netsys.com/full-disclosure-charter.html\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0931",
"trust": 2.0
},
{
"db": "BID",
"id": "11346",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "10532",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "12756",
"trust": 1.6
},
{
"db": "IDEFENSE",
"id": "20041006 MYSQL MAXDB WEB AGENT WEBDBMSERVER NAME DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "7",
"trust": 0.6
},
{
"db": "XF",
"id": "17633",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "34608",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"id": "VAR-200412-1126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1359447
},
"last_update_date": "2024-08-14T12:17:47.636000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/11346"
},
{
"trust": 1.6,
"url": "http://www.secunia.com/advisories/12756"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/10532"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17633"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/17633"
},
{
"trust": 0.4,
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.mysql.com/products/maxdb/"
},
{
"trust": 0.1,
"url": "http://lists.netsys.com/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0931"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
}
],
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-10-07T00:00:00",
"db": "BID",
"id": "11346"
},
{
"date": "2004-10-13T05:40:14",
"db": "PACKETSTORM",
"id": "34608"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-12T07:06:00",
"db": "BID",
"id": "11346"
},
{
"date": "2006-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"date": "2017-07-11T01:30:35.307000",
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MySQL MaxDB WebDBM Server Name Service Rejection Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…