Signature Detail

Short Name	DB:MYSQL:MAXDB-WEB-OF
Severity	Medium
Recommended	No
Recommended Action	Drop
Category	DB
Keywords	MySQL MaxDB Web Interface Buffer Overflow
Release Date	2005/03/21
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DB: MySQL MaxDB Web Interface Buffer Overflow

This signature detects attempts to exploit a known vulnerability in MaxDB Web Interface. Successful attackers can crash the server.

Extended Description

A remotely exploitable denial of service vulnerability exists in MaxDB. The cause of this condition is an input validation error that is exposed when an internal function in the WebDBM handles a client-supplied 'Server' name in an HTTP request that includes specific values. This will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. This issue was reportedly tested on Windows and Linux versions. Other versions could also be affected.

Affected Products

MySQL AB MaxDB 7.5.0 .00.08
MySQL AB MaxDB 7.5.0 .00.11
MySQL AB MaxDB 7.5.0 .00.12
MySQL AB MaxDB 7.5.0 .00.14
MySQL AB MaxDB 7.5.0 .00.15
MySQL AB MaxDB 7.5.0 .00.16
SAP DB 7.5.0

References

BugTraq: 11346
CVE: CVE-2005-0111
URL: http://www.securityfocus.com/bid/12265
URL: http://www.idefense.com/application/poi/display?id=181&type=vulnerabilities

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

DB: MySQL MaxDB Web Interface Buffer Overflow

Extended Description

Affected Products

References