|
|
|
|
| |
MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. MaxDB is a heavy-duty, SAP-certified open source database that offers high availability, scalability and a comprehensive feature set. MaxDB complements the MySQL database server, targeted for large mySAP ERP environments and other applications that require maximum enterprise-level database functionality.
Remote exploitation of an input validation error in MySQL MaxDB could allow attackers to trigger a denial of service condition. |
| |
Credit:
The information has been provided by iDEFENSE Security Labs.
The original article can be found at: http://www.idefense.com/application/poi/display?id=150&type=vulnerabilities
|
| |
Vulnerable Systems:
* MaxDB SAP database version 7.5, Linux and Windows platforms
Immune Systems:
* MaxDB SAP database version 7.5.00.18
CVE Information:
CAN-2004-0931
The problem exists due to improper input validation of a user-supplied variable in the IsAscii7() function. Remote attackers can send a specially crafted HTTP request to webdbm with the 'Server' value containing ASCII values above 0x7F to cause an assert directive to fail, resulting in a DoS condition.
wahttp:
ToolsCommon/Tools_DynamicUTF8String.hpp:249:
Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *)
Assertion `IsAscii7(src)' failed.
Program received signal SIGABRT, Aborted.
[Switching to Thread 10251 (LWP 12706)]
0x40429781 in kill () from /lib/libc.so.6
Impact
Successful exploitation allows remote attackers to trigger a denial of service condition on the web agent component of MaxDB.
Vendor Status:
The MySQL developers have fixed the issue in the newer 7.5.00.18 version. It is advisable to perform an upgrade of the DB system.
Disclosure Timeline
08/16/2004 Initial vendor notification
08/16/2004 iDEFENSE clients notified
08/19/2004 Initial vendor response
10/06/2004 Coordinated public disclosure
|
|
|
|
|
|
|
|
|
|
