MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service

From: Evgeny Demidov (demidov_at_gleg.net)
Date: 12/07/04

    To: full-disclosure@lists.netsys.com
    Date: Tue,  7 Dec 2004 21:18:38 +0300 (MSK)
    
    

    Name: MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service
    Date: 7 Dec 2004
    Platforms: Any
    Author: Evgeny Demidov

    Description:

    "MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, availability,
    scalability and a very comprehensive feature set." (quote from http://www.mysql.com/products/maxdb/)

    Two vulnerabilities in MaxDB WebTools have been found and reported to the MySQL team.

    1 - WebDav handler long 'Overwrite' header stack overflow
    Remote root/SYSTEM. Easy to exploit.

    2 - Funny 'wahttp' NULL pointer dereference
    To reproduce it, execute the following command:
    $ telnet localhost 9999
    GET /file/not/found HTTP/1.0
    [ENTER]
    [ENTER]

    Fix:

    MaxDB 7.0.19 supposedly should fix these problems - http://dev.mysql.com/downloads/maxdb/7.5.00.html

    History:

    25 May 2004 - vulnerability has been discovered by Evgeny Demidov
    26 May 2004 - vulnerability details have been made available to VulnDisco clients
    15 Oct 2004 - vulnerability has been reported to security@mysql.com
    7 Dec 2004 - public release of the advisory
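
A request-screening check for the first issue, as an added example that is not part of the original advisory or of MaxDB's code: RFC 2518 defines the WebDAV Overwrite header value as T or F only, so a proxy or log filter can flag anything else, including oversized values. The function names, host and sample requests are constructed for illustration.

```python
# Added example: screen raw HTTP requests for an abnormal WebDAV 'Overwrite' header.
# RFC 2518 allows only "T" or "F" as the value; anything else is flagged.
ALLOWED_OVERWRITE = {b"T", b"F"}

def parse_headers(raw: bytes):
    """Return (request_line, [(lowercased_name, value), ...]) from a raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t") and headers:
            # Obsolete line folding: continuation of the previous header value.
            name, value = headers[-1]
            headers[-1] = (name, value + b" " + line.strip())
            continue
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def check_overwrite(raw: bytes):
    """Return a list of findings; an empty list means the request passes."""
    _, headers = parse_headers(raw)
    values = [v for n, v in headers if n == b"overwrite"]
    findings = []
    if len(values) > 1:
        findings.append("duplicate Overwrite header")
    for v in values:
        if v not in ALLOWED_OVERWRITE:
            findings.append(f"invalid Overwrite value ({len(v)} bytes)")
    return findings

# Constructed sample requests (host and paths are placeholders).
GOOD = b"COPY /a HTTP/1.1\r\nHost: db.example\r\nDestination: /b\r\nOverwrite: F\r\n\r\n"
LONG = b"COPY /a HTTP/1.1\r\nHost: db.example\r\noverwrite: " + b"A" * 4096 + b"\r\n\r\n"
FOLDED = b"MOVE /a HTTP/1.1\r\nHost: db.example\r\nOverwrite: T\r\n T\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("good", GOOD), ("long", LONG), ("folded", FOLDED)):
        print(label, check_overwrite(req) or "ok")
```
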

