CPNI - Centre for the Protection of National Infrastructure


March 2005

iDEFENSE Security Advisory; MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities

ID: 00214
Ref: 194/2005
Date: 15 March 2005:14:44:58
Version: 1

Title: iDEFENSE Security Advisory; MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities
Abstract: A number of remotely exploitable input validation errors have been found to exist in MySQL MaxDB and SAP DB Web Agent products.
Vendors affected: iDEFENSE
Operating systems affected: iDEFENSE
Applications affected: iDEFENSE

Title
=====

iDEFENSE Security Advisory; MySQL MaxDB Web Agent Multiple Denial of
Service Vulnerabilities

Detail
======

A number of remotely exploitable input validation errors have been
found to exist in MySQL MaxDB and SAP DB Web Agent products.




MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities

iDEFENSE Security Advisory 03.14.05
www.idefense.com/application/poi/display?id=218&type=vulnerabilities
March 14, 2005

I. BACKGROUND

MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP
AG's open source database. MaxDB is a heavy-duty, SAP-certified open
source database that offers high availability, scalability and a
comprehensive feature set. MaxDB complements the MySQL database server,
targeted for large mySAP ERP environments and other applications that
require maximum enterprise-level database functionality.

II. DESCRIPTION

A number of remotely exploitable input validation errors have been
found to exist in MySQL MaxDB and SAP DB Web Agent products.

The vulnerabilities specifically exist due to insufficient validation
of user input data. The input validation error results in a null pointer
dereference in the following functions which can lead to a denial of
service condition:

DBMCli_String::ReallocString
DBMCli_String::operator
DBMCli_Buffer::ForceResize
DBMCli_Wizard::InstallDatabase
DBMCli_Devspaces::Complete
DBMWeb_TemplateWizard::askForWriteCountStep5
DBMWeb_DBMWeb::wizardDB

A remote attacker can request the function with invalid parameters to
cause a null pointer dereference resulting in a crash of MySQL MaxDB Web Agent.

III. ANALYSIS

Exploitation allows remote attackers to cause a denial of service condition.
The attacks are trivially exploited, as a remote attacker can send simple
HTTP requests to cause MaxDB Web Agent to crash.

IV. DETECTION

iDEFENSE has confirmed that MySQL MaxDB 7.5.00 for Windows is vulnerable.
It is suspected that earlier versions and versions on other platforms are
vulnerable as well.

V. WORKAROUND

Use a firewall to only allow trusted hosts to connect to the MySQL MaxDB
Web Agent HTTP Service.

VI. VENDOR RESPONSE

These vulnerabilities are addressed in MySQL MaxDB 7.5.00.24 available for
download at:

http://dev.mysql.com/downloads/maxdb/7.5.00.html
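
An inventory triage for the version information in sections IV and VI, added here as an example; it is not part of the iDEFENSE advisory or any vendor tool. It classifies hosts against the confirmed 7.5.00 Windows finding and the 7.5.00.24 fix. The inventory, host names and status labels are constructed, and treating a missing build number as build 0 is an assumption.

```python
import re

# Values taken from the advisory text.
FIXED = (7, 5, 0, 24)          # issues addressed in MaxDB 7.5.00.24
CONFIRMED_BRANCH = (7, 5, 0)   # 7.5.00 for Windows confirmed vulnerable

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def parse_version(text):
    """Return (major, minor, correction, build).

    Assumption: a version reported without a build number ("7.5.00") is
    treated as build 0, i.e. the conservative reading.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised MaxDB version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def triage(version_text, platform):
    """Classify one installation using only what the advisory states."""
    v = parse_version(version_text)
    if v[:3] == CONFIRMED_BRANCH:
        if v >= FIXED:
            return "fixed"
        # Only the Windows build was confirmed; other platforms are suspected.
        if platform.strip().lower() == "windows":
            return "confirmed-vulnerable"
        return "suspected-vulnerable"
    if v < FIXED:
        # "Earlier versions ... suspected" in section IV.
        return "suspected-vulnerable"
    # Later release branches: the advisory makes no statement about them.
    return "not-covered"


# Constructed sample inventory: (host, reported version, platform).
INVENTORY = [
    ("db-win-01", "7.5.00.19", "Windows"),
    ("db-lnx-02", "7.5.00", "Linux"),
    ("db-win-03", "7.5.00.24", "Windows"),
    ("db-lnx-04", "7.4.03.30", "Linux"),
]


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver, plat) for host, ver, plat in inventory}
```

Hosts reported as "not-covered" need a check against the vendor's own release notes, since this advisory only names the 7.5.00 branch.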

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-0083 to these issues. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for security
problems.

VIII. DISCLOSURE TIMELINE

09/15/2004 Initial vendor contact
01/06/2005 Secondary vendor contact
01/07/2005 Initial vendor response
03/14/2005 Public disclosure

IX. CREDIT

An anonymous contributor is credited with discovering this vulnerability.


X. LEGAL NOTICES

Copyright (c) 2005 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert electronically.
It may not be edited in any way without the express written consent of iDEFENSE.
If you wish to reprint the whole or any part of this alert in any other medium
other than electronically, please email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the
time of publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition. There are
no warranties with regard to this information. Neither the author nor the
publisher accepts any liability for any direct, indirect, or consequential
loss or damage arising from use of, or reliance on, this information.
