CVE-2003-1331 - Unspecified vulnerability in Oracle Mysql

047910
CVSS: 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
oracle
nessus

Summary

Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

Vulnerable Configurations

Part         Description  Count
Application  Oracle       4

Nessus

NASL family: Databases
NASL id: MYSQL_4_0_14.NASL
description: The version of MySQL installed on the remote host is older than 4.0.14. The client library (libmysqlclient) is thus reportedly affected by a buffer overflow. A local attacker could execute arbitrary code through a long socket name. Note that RedHat does not consider that this flaw is a security issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17822
published: 2012-01-18
reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/17822
title: MySQL < 4.0.14 libmysqlclient Buffer Overflow
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(17822);
  script_version("1.6");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2003-1331");
  script_bugtraq_id(7887);

  script_name(english:"MySQL < 4.0.14 libmysqlclient Buffer Overflow");
  script_summary(english:"Checks version of MySQL Server");

  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code could be executed by the database client library on
the remote host.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL installed on the remote host is older than 4.0.14.

The client library (libmysqlclient) is thus reportedly affected by a
buffer overflow.  A local attacker could execute arbitrary code
through a long socket name. 

Note that RedHat does not consider that this flaw is a security
issue.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2003/Jun/371");
  script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 4.0.14 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}


include("mysql_version.inc");

mysql_check_version(fixed:'4.0.14', severity:SECURITY_WARNING);

Statements

contributor: Joshua Bressers
lastmodified: 2007-06-29
organization: Red Hat
statement: Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. The user must voluntarily interact with the attack mechanism to exploit this flaw, with the result being the ability to run code as themselves.