SecuriTeam - MySQL MaxDB Web Agent WebDBM Server Name DoS

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. MaxDB is a heavy-duty, SAP-certified open source database that offers high availability, scalability and a comprehensive feature set. MaxDB complements the MySQL database server, targeted for large mySAP ERP environments and other applications that require maximum enterprise-level database functionality.

Remote exploitation of an input validation error in MySQL MaxDB could allow attackers to trigger a denial of service condition.

Credit:
The information has been provided by iDEFENSE Security Labs.
The original article can be found at: http://www.idefense.com/application/poi/display?id=150&type=vulnerabilities

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* MaxDB SAP database version 7.5, Linux and Windows platforms

Immune Systems:
* MaxDB SAP database version 7.5.00.18

CVE Information:
CAN-2004-0931

The problem exists due to improper input validation of a user-supplied variable in the IsAscii7() function. Remote attackers can send a specially crafted HTTP request to webdbm with the 'Server' value containing ASCII values above 0x7F to cause an assert directive to fail, resulting in a DoS condition.

    wahttp:
    ToolsCommon/Tools_DynamicUTF8String.hpp:249:
    Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *)
    Assertion `IsAscii7(src)' failed.

    Program received signal SIGABRT, Aborted.
    [Switching to Thread 10251 (LWP 12706)]
    0x40429781 in kill () from /lib/libc.so.6

Impact
Successful exploitation allows remote attackers to trigger a denial of service condition on the web agent component of MaxDB.

Vendor Status:
The MySQL developers have fixed the issue in the newer 7.5.00.18 version. It is advisable to perform an upgrade of the DB system.

Disclosure Timeline
08/16/2004 Initial vendor notification
08/16/2004 iDEFENSE clients notified
08/19/2004 Initial vendor response
10/06/2004 Coordinated public disclosure

blog comments powered by Disqus

	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability
	HP Data Protector Notebook Extension LogClientHealth SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogCopyOperation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension FinishedCopy SQL Injection Vulnerabilty
	Novell ZENWorks Software Packaging ISGrid.Grid2.1 Text Parameter Code Execution Vulnerabilit
	Adobe Reader BMP Image RLE Decoding Code Execution Vulnerability
	Apple QuickTime H264 Matrix Conversion Code Execution Vulnerability
	Apple QuickTime FLC Delta Decompression Code Execution Vulnerability
	Apple Quicktime PnPixPat PatType 3 Parsing Code Execution Vulnerability