Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service

MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service

From: Evgeny Demidov <demidov_at_gleg.net>
Date: Tue, 7 Dec 2004 21:18:38 +0300 (MSK)

Name: MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service
Date: 7 Dec 2004
Platforms: Any
Author: Evgeny Demidov

Description:

"MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, availability,
scalability and a very comprehensive feature set." (quote from http://www.mysql.com/products/maxdb/)

Two vulnerabilities in MaxDB WebTools have been found and reported to MySQL team.

1 - WebDav handler long 'Overwrite' header stack overflow
Remote root/SYSTEM. Easy to exploit.

2 - Funny 'wahttp' NULL pointer dereference
To reproduce it, execute the following command:
$ telnet localhost 9999
GET /file/not/found HTTP/1.0
[ENTER]
[ENTER]

Fix:

MaxDB 7.0.19 supposedly should fix these problems - http://dev.mysql.com/downloads/maxdb/7.5.00.html

History:

25 May 2004 - vulnerability has been discovered by Evgeny Demidov
26 May 2004 - vulnerability details has been made available to VulnDisco clients
15 Oct 2004 - vulnerability has been reported to security_at_mysql.com
7 Dec 2004 - public release of the advisory
Received on Dec 07 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]