Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0969

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2002-0969
Last Modified 10 Sep 2008 03:13:28
Published 11 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0969

Summary

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

Vulnerable Systems

Application

  • Mysql 3.23.49

  • Mysql 4.0.0

  • Mysql 4.0.1


References

VULNWATCH - 20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow

MISC - http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt

CONFIRM - http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x

XF - mysql-myini-datadir-bo(10243)

BID - 5853


Last Updated: 27 May 2016 10:37:08