CVE-2005-0684 - Remote Buffer Overflow vulnerability in MySQL MaxDB HTTP GET Request

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, mysql, critical, exploit available, metasploit

Summary

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allow remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.

Exploit-Db

description: MaxDB WebDBM GET Buffer Overflow. CVE-2005-0684. Remote exploit for windows platform
id: EDB-ID:16791
last seen: 2016-02-02
modified: 2010-05-09
published: 2010-05-09
reporter: metasploit
source: https://www.exploit-db.com/download/16791/
title: MaxDB WebDBM GET Buffer Overflow

Metasploit

description: This module exploits a stack buffer overflow in the MaxDB WebDBM service. This service is included with many recent versions of the MaxDB and SAPDB products. This particular module is capable of exploiting Windows systems through the use of an SEH frame overwrite. The offset to the SEH frame may change depending on where MaxDB has been installed; this module assumes a web root path with the same length as: C:\Program Files\sdb\programs\web\Documents
id: MSF:EXPLOIT/WINDOWS/HTTP/MAXDB_WEBDBM_GET_OVERFLOW
last seen: 2020-05-23
modified: 2017-07-24
published: 2005-12-26
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb
title: MaxDB WebDBM GET Buffer Overflow

Packetstorm

data source: https://packetstormsecurity.com/files/download/83068/maxdb_webdbm_get_overflow.rb.txt
id: PACKETSTORM:83068
last seen: 2016-12-05
published: 2009-11-26
reporter: H D Moore
source: https://packetstormsecurity.com/files/83068/MaxDB-WebDBM-GET-Buffer-Overflow.html
title: MaxDB WebDBM GET Buffer Overflow

Saint

bid: 13368
description: MySQL MaxDB WebTools special character buffer overflow
id: web_tool_maxdbbo
osvdb: 15816
title: maxdb_webtool_special_character_bo
type: remote