Home page logo

bugtraq logo Bugtraq mailing list archives

MaxDB WebTools <= buffer overflow and Denial of Service
From: Evgeny Demidov <demidov () gleg net>
Date: Tue, 7 Dec 2004 21:18:38 +0300 (MSK)

Name:          MaxDB WebTools <= buffer overflow and Denial of Service 
Date:          7 Dec 2004
Platforms:     Any
Author:        Evgeny Demidov


"MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, 
scalability and a very comprehensive feature set." (quote from http://www.mysql.com/products/maxdb/) 

Two vulnerabilities in MaxDB WebTools have been found and reported to MySQL team.

1 - WebDav handler long 'Overwrite' header stack overflow
Remote root/SYSTEM. Easy to exploit.

2 - Funny 'wahttp' NULL pointer dereference 
To reproduce it, execute the following command:
$ telnet localhost 9999
GET /file/not/found HTTP/1.0


MaxDB 7.0.19 supposedly should fix these problems - http://dev.mysql.com/downloads/maxdb/7.5.00.html


25 May 2004 - vulnerability has been discovered by Evgeny Demidov
26 May 2004 - vulnerability details has been made available to VulnDisco clients
15 Oct 2004 - vulnerability has been reported to security () mysql com 
7  Dec 2004 - public release of the advisory

  By Date           By Thread  

Current thread:
  • MaxDB WebTools <= buffer overflow and Denial of Service Evgeny Demidov (Dec 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]