Vulnerabilities > CVE-2005-0684 - Remote Buffer Overflow vulnerability in MySQL MaxDB HTTP GET Request
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 |
Exploit-Db
description | MaxDB WebDBM GET Buffer Overflow. CVE-2005-0684. Remote exploit for windows platform |
id | EDB-ID:16791 |
last seen | 2016-02-02 |
modified | 2010-05-09 |
published | 2010-05-09 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16791/ |
title | MaxDB WebDBM GET Buffer Overflow |
Metasploit
description | This module exploits a stack buffer overflow in the MaxDB WebDBM service. This service is included with many recent versions of the MaxDB and SAPDB products. This particular module is capable of exploiting Windows systems through the use of an SEH frame overwrite. The offset to the SEH frame may change depending on where MaxDB has been installed, this module assumes a web root path with the same length as: C:\Program Files\sdb\programs\web\Documents |
id | MSF:EXPLOIT/WINDOWS/HTTP/MAXDB_WEBDBM_GET_OVERFLOW |
last seen | 2020-05-23 |
modified | 2017-07-24 |
published | 2005-12-26 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb |
title | MaxDB WebDBM GET Buffer Overflow |
Packetstorm
data source | https://packetstormsecurity.com/files/download/83068/maxdb_webdbm_get_overflow.rb.txt |
id | PACKETSTORM:83068 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | H D Moore |
source | https://packetstormsecurity.com/files/83068/MaxDB-WebDBM-GET-Buffer-Overflow.html |
title | MaxDB WebDBM GET Buffer Overflow |
Saint
bid | 13368 |
description | MySQL MaxDB WebTools special character buffer overflow |
id | web_tool_maxdbbo |
osvdb | 15816 |
title | maxdb_webtool_special_character_bo |
type | remote |