FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql50-server -- COM_TABLE_DUMP arbitrary code execution

Affected packages
5.0 < mysql-server < 5.0.21

Details

VuXML ID a8d8713e-dc83-11da-a22b-000c6ec775d9
Discovery 2006-05-02
Entry 2006-05-06

Stefano Di Paola reports:

An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow.

To take advantage of these flaws an attacker should have direct access to MySQL server communication layer (port 3306 or unix socket). But if used in conjuction with some web application flaws (i.e. php code injection) an attacker could use socket programming (i.e. php sockets) to gain access to that layer.

References

CVE Name CVE-2006-1518
Message 1146577257.5679.217.camel@first
URL http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
URL http://www.wisec.it/vulns.php?page=8