Vulnerabilities > CVE-2001-1274 - Unspecified vulnerability in Oracle Mysql
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
Vulnerable Configurations
Exploit-Db
| description | Mysql 3.22.x/3.23.x Local Buffer Overflow Vulnerability. CVE-2001-1274. Local exploit for linux platform |
| id | EDB-ID:20581 |
| last seen | 2016-02-02 |
| modified | 2001-01-18 |
| published | 2001-01-18 |
| reporter | Luis Miguel Silva |
| source | https://www.exploit-db.com/download/20581/ |
| title | Mysql 3.22.x/3.23.x - Local Buffer Overflow Vulnerability |
Nessus
NASL family Databases NASL id MYSQL_3_23_31.NASL description The version of MySQL installed on the remote host allows a remote attacker to exploit a buffer overflow and crash the server, or even execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 17817 published 2012-01-18 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17817 title MySQL < 3.23.31 Buffer Overflow NASL family Debian Local Security Checks NASL id DEBIAN_DSA-013.NASL description Nicolas Gregoire has reported a buffer overflow in the mysql server that leads to a remote exploit. An attacker could gain mysqld privileges (and thus gaining access to all the databases). last seen 2020-06-01 modified 2020-06-02 plugin id 14850 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14850 title Debian DSA-013 : MySQL - remote buffer overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2001-014.NASL description A security problem exists in all versions of MySQL after 3.23.2 and prior to 3.23.31. The problem is that the SHOW GRANTS command could be executed by any user making it possible for anyone with a MySQL account to get the crypted password from the mysql.user table. The new 3.23.31 version fixes this. Due to library changes, the previously announced PHP update (MDKSA-2001:013) has been updated as well so that the php-mysql module supports this new version of MySQL. It also corrects the upgrade scripts in the package, however you will still need to verify that PHP support is enabled in your /etc/httpd/conf/httpd.conf Apache configuration file and verify that the installed modules are uncommented in your /etc/php.ini file. Update : Previous versions of MySQL also suffered from a buffer overflow problem that has been corrected in the recent releases. This update fixes the buffer overflow problem in the MySQL packages provided with Linux- Mandrake 7.1 and Corporate Server 1.0.1. last seen 2020-06-01 modified 2020-06-02 plugin id 61888 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61888 title Mandrake Linux Security Advisory : MySQL (MDKSA-2001:014-1)
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000375
- http://marc.info/?l=bugtraq&m=98089552030459&w=2
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-006.0.txt
- http://www.debian.org/security/2001/dsa-013
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-014.php3
- http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.3
- http://www.redhat.com/support/errata/RHSA-2001-003.html