MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow

high Nessus Plugin ID 11842


Synopsis

The remote database server is susceptible to a buffer overflow attack.

Description

According to its banner, the version of MySQL installed on the remote host is affected by a buffer overflow in the 'get_salt_from_password()' function in sql_acl.cc, which parses the 'Password' column of the 'User' table without checking its length. An authenticated attacker with the 'ALTER DATABASE' privilege who can store a specially crafted, over-long value in that column may be able to trigger the overflow when the server loads the stored value and execute arbitrary code with the privileges of the account under which the database service runs. Note that this is a banner-based check: vendor builds that backport the fix without changing the version string (see the Red Hat and SUSE advisories below) may be reported as affected, which is why the plugin runs only when paranoid mode is enabled.
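The following is an added illustration, not code from the plugin or from MySQL's source: a reconstruction of the flawed parsing shape the description refers to, a hardened parser beside it, and a small harness that makes the out-of-bounds write visible. The two-word salt layout, the neighbouring field, and the sample hash strings are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SALT_WORDS 2                       /* a stored hash is 16 hex digits: two 32-bit words */
#define PW_HASH_LEN (SALT_WORDS * 8)

/* Value of one hex digit, or -1 for anything else. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Vulnerable shape (reconstruction, not MySQL's code): keeps emitting one
 * 32-bit word per eight characters until the string ends, with no idea how
 * large 'res' is. A stored Password value longer than 16 characters therefore
 * writes past the two-word salt into whatever follows it in memory. */
static void get_salt_unchecked(uint32_t *res, const char *password)
{
    res[0] = res[1] = 0;
    if (!password) return;
    while (*password) {
        uint32_t val = 0;
        for (int i = 0; i < 8 && *password; i++)
            val = (val << 4) | (uint32_t)(hex_val(*password++) & 0xf);
        *res++ = val;                      /* no bound on res: this is the overflow */
    }
}

/* Hardened form: validate that the stored value is exactly 16 hex digits
 * before touching the output, and never write more than SALT_WORDS words.
 * Returns 0 on success, -1 on a malformed stored hash (res is zeroed). */
int get_salt_checked(uint32_t res[SALT_WORDS], const char *password)
{
    res[0] = res[1] = 0;
    if (!password || strlen(password) != PW_HASH_LEN) return -1;
    for (size_t i = 0; i < PW_HASH_LEN; i++)
        if (hex_val(password[i]) < 0) return -1;
    for (size_t w = 0; w < SALT_WORDS; w++) {
        uint32_t val = 0;
        for (int i = 0; i < 8; i++)
            val = (val << 4) | (uint32_t)hex_val(password[w * 8 + i]);
        res[w] = val;
    }
    return 0;
}

/* Makes the overwrite observable with a constructed layout: a two-word salt
 * followed by one neighbouring word, modelled as a single flat array so the
 * out-of-bounds store is well-defined C rather than real heap corruption.
 * Returns the neighbour's value after the unchecked parse. */
uint32_t demo_unchecked_overflow(const char *oversized_hash)
{
    uint32_t record[SALT_WORDS + 1] = {0, 0, 0xDEADBEEFu};
    get_salt_unchecked(record, oversized_hash); /* caller "promised" only two words */
    return record[SALT_WORDS];
}

int main(void)
{
    uint32_t salt[SALT_WORDS];
    const char *good = "0123456789abcdef";         /* constructed 16-digit hash */
    const char *bad  = "0123456789abcdef00000001"; /* constructed 24-digit hash */

    printf("neighbour after unchecked parse: 0x%08x\n", demo_unchecked_overflow(bad));
    printf("checked(good) = %d -> %08x %08x\n", get_salt_checked(salt, good), salt[0], salt[1]);
    printf("checked(bad)  = %d\n", get_salt_checked(salt, bad));
    return 0;
}
```

The hardened variant fails closed: a row whose Password value is not exactly 16 hex digits yields an error and a zeroed salt instead of a partial parse, which is the behaviour a loader of privilege tables should have, since the data it reads may have been written by a less-privileged user.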

Solution

Upgrade to MySQL 3.23.58 / 4.0.15 or later.

See Also

https://seclists.org/fulldisclosure/2003/Sep/413

https://lists.mysql.com/announce/168

https://lists.mysql.com/announce/169

Plugin Details

Severity: High

ID: 11842

File Name: mysql_password_overflow.nasl

Version: 1.32

Type: remote

Family: Databases

Published: 9/19/2003

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/11/2003

Reference Information

CVE: CVE-2003-0780

BID: 8590

RHSA: 2003:281-01

SuSE: SUSE-SA:2003:042