[Please upgrade if you have MaxDB installed on any platform -- Raju] This is an RFC 1153 digest. (1 message) ----------------------------------------------------------------------
Message-Id: <[EMAIL PROTECTED]> From: Evgeny Demidov <[EMAIL PROTECTED]> Sender: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Full-Disclosure] MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service Date: Tue, 7 Dec 2004 21:18:38 +0300 (MSK) Name: MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service Date: 7 Dec 2004 Platforms: Any Author: Evgeny Demidov Description: "MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, availability, scalability and a very comprehensive feature set." (quote from http://www.mysql.com/products/maxdb/) Two vulnerabilities in MaxDB WebTools have been found and reported to MySQL team. 1 - WebDav handler long 'Overwrite' header stack overflow Remote root/SYSTEM. Easy to exploit. 2 - Funny 'wahttp' NULL pointer dereference To reproduce it, execute the following command: $ telnet localhost 9999 GET /file/not/found HTTP/1.0 [ENTER] [ENTER] Fix: MaxDB 7.0.19 supposedly should fix these problems - http://dev.mysql.com/downloads/maxdb/7.5.00.html History: 25 May 2004 - vulnerability has been discovered by Evgeny Demidov 26 May 2004 - vulnerability details has been made available to VulnDisco clients 15 Oct 2004 - vulnerability has been reported to [EMAIL PROTECTED] 7 Dec 2004 - public release of the advisory _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves _______________________________________________ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[email protected]/
