Vulnerabilities > CVE-2003-1331 - Buffer Overrun vulnerability in MySQL libmysqlclient Library mysql_real_connect()

CVSS base score: 4.0 (MEDIUM)
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, high complexity, oracle, nessus

Summary

Stack-based buffer overflow in the mysql_real_connect function in the MySQL client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

Vulnerable Configurations

Part         Description   Count
Application  Oracle        4

Nessus

NASL family: Databases
NASL id: MYSQL_4_0_14.NASL
description: The version of MySQL installed on the remote host is older than 4.0.14. The client library (libmysqlclient) is thus reportedly affected by a buffer overflow. A local attacker could execute arbitrary code through a long socket name. Note that RedHat does not consider that this flaw is a security issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17822
published: 2012-01-18
reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/17822
title: MySQL < 4.0.14 libmysqlclient Buffer Overflow
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(17822);
  script_version("1.6");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2003-1331");
  script_bugtraq_id(7887);

  script_name(english:"MySQL < 4.0.14 libmysqlclient Buffer Overflow");
  script_summary(english:"Checks version of MySQL Server");

  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code could be executed by the database client library on
the remote host.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL installed on the remote host is older than 4.0.14.

The client library (libmysqlclient) is thus reportedly affected by a
buffer overflow.  A local attacker could execute arbitrary code
through a long socket name. 

Note that RedHat does not consider that this flaw is a security
issue.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2003/Jun/371");
  script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 4.0.14 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}


include("mysql_version.inc");

mysql_check_version(fixed:'4.0.14', severity:SECURITY_WARNING);

Statements

contributor: Joshua Bressers
last modified: 2007-06-29
organization: Red Hat
statement: Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. The user must voluntarily interact with the attack mechanism to exploit this flaw, with the result being the ability to run code as themselves.