Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html | Broken Link Exploit Patch Vendor Advisory |
http://marc.info/?l=bugtraq&m=103358628011935&w=2 | Mailing List |
http://www.iss.net/security_center/static/10243.php | Broken Link Vendor Advisory |
http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x | Broken Link |
http://www.securityfocus.com/bid/5853 | Broken Link Third Party Advisory VDB Entry |
http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt | Broken Link |
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html | Broken Link Exploit Patch Vendor Advisory |
http://marc.info/?l=bugtraq&m=103358628011935&w=2 | Mailing List |
http://www.iss.net/security_center/static/10243.php | Broken Link Vendor Advisory |
http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x | Broken Link |
http://www.securityfocus.com/bid/5853 | Broken Link Third Party Advisory VDB Entry |
http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
History
20 Nov 2024, 23:40
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html - Broken Link, Exploit, Patch, Vendor Advisory | |
References | () http://marc.info/?l=bugtraq&m=103358628011935&w=2 - Mailing List | |
References | () http://www.iss.net/security_center/static/10243.php - Broken Link, Vendor Advisory | |
References | () http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x - Broken Link | |
References | () http://www.securityfocus.com/bid/5853 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt - Broken Link |
26 Jan 2024, 17:19
Type | Values Removed | Values Added |
---|---|---|
References | (VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html - Broken Link, Exploit, Patch, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/5853 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MISC) http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt - Broken Link | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=103358628011935&w=2 - Mailing List | |
References | (CONFIRM) http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x - Broken Link | |
References | (XF) http://www.iss.net/security_center/static/10243.php - Broken Link, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
CWE | CWE-120 | |
First Time |
Microsoft windows
Microsoft |
|
CPE | cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:* |
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:* cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
Information
Published : 2002-10-11 04:00
Updated : 2024-11-20 23:40
NVD link : CVE-2002-0969
Mitre link : CVE-2002-0969
CVE.ORG link : CVE-2002-0969
JSON object : View
Products Affected
oracle
- mysql
microsoft
- windows
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')