Details of VAR-200412-1126

ID

VAR-200412-1126

CVE

CVE-2004-0931

TITLE

MySQL MaxDB WebDBM Server Name Service Rejection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-644

DESCRIPTION

MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function. A remotely exploitable denial of service vulnerability exists in MaxDB. This will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. This issue was reportedly tested on Windows and Linux versions. Other versions could also be affected. MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability iDEFENSE Security Advisory 10.06.04a: www.idefense.com/application/poi/display?id=150&type=vulnerabilities October 6, 2004 I. BACKGROUND MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. MaxDB is a heavy-duty, SAP-certified open source database that offers high availability, scalability and a comprehensive feature set. MaxDB complements the MySQL database server, targeted for large mySAP ERP environments and other applications that require maximum enterprise-level database functionality. II. The problem specifically exists due to improper input validation of a user-supplied variable in the IsAscii7() function. wahttp: ToolsCommon/Tools_DynamicUTF8String.hpp:249: Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *) Assertion `IsAscii7(src)' failed. Program received signal SIGABRT, Aborted. [Switching to Thread 10251 (LWP 12706)] 0x40429781 in kill () from /lib/libc.so.6 III. IV. DETECTION iDEFENSE has confirmed that SAP DB version 7.5 for both Linux and Windows is vulnerable. V. WORKAROUND Use of an ingress perimeter firewall filter can help detect and mitigate the risk of attack. VI. VENDOR RESPONSE "A solution for the issue is available with MaxDB 7.5.00.18." VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the names CAN-2004-0931 to these issues. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 08/16/2004 Initial vendor notification 08/16/2004 iDEFENSE clients notified 08/19/2004 Initial vendor response 10/06/2004 Coordinated public disclosure IX. CREDIT Patrik Karlsson (cqure.net) is credited with this discovery. Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp X. LEGAL NOTICES Copyright (c) 2004 iDEFENSE, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Trust: 1.26

sources: NVD: CVE-2004-0931 // BID: 11346 // PACKETSTORM: 34608

AFFECTED PRODUCTS

vendor:	mysql	model:	maxdb	scope:	eq	version:	7.5.00.16	Trust: 1.6
vendor:	mysql	model:	maxdb	scope:	eq	version:	7.5.00.15	Trust: 1.6
vendor:	mysql	model:	maxdb	scope:	eq	version:	7.5.00.14	Trust: 1.6
vendor:	mysql	model:	maxdb	scope:	eq	version:	7.5.00.12	Trust: 1.6
vendor:	mysql	model:	maxdb	scope:	eq	version:	7.5.00.11	Trust: 1.6
vendor:	mysql	model:	maxdb	scope:	eq	version:	7.5.00.08	Trust: 1.6
vendor:	sap	model:	db	scope:	eq	version:	7.5	Trust: 0.3
vendor:	mysql	model:	ab maxdb	scope:	eq	version:	7.5.00.16	Trust: 0.3
vendor:	mysql	model:	ab maxdb	scope:	eq	version:	7.5.00.15	Trust: 0.3
vendor:	mysql	model:	ab maxdb	scope:	eq	version:	7.5.00.14	Trust: 0.3
vendor:	mysql	model:	ab maxdb	scope:	eq	version:	7.5.00.12	Trust: 0.3
vendor:	mysql	model:	ab maxdb	scope:	eq	version:	7.5.00.11	Trust: 0.3
vendor:	mysql	model:	ab maxdb	scope:	eq	version:	7.5.00.08	Trust: 0.3
vendor:	mysql	model:	ab maxdb	scope:	ne	version:	7.5.00.18	Trust: 0.3

sources: BID: 11346 // CNNVD: CNNVD-200412-644 // NVD: CVE-2004-0931

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0931
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-644
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2004-0931
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200412-644 // NVD: CVE-2004-0931

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0931

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 34608 // CNNVD: CNNVD-200412-644

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200412-644

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0931	Trust: 2.0
db:	BID	id:	11346	Trust: 1.9
db:	OSVDB	id:	10532	Trust: 1.6
db:	SECUNIA	id:	12756	Trust: 1.6
db:	IDEFENSE	id:	20041006 MYSQL MAXDB WEB AGENT WEBDBMSERVER NAME DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	XF	id:	7	Trust: 0.6
db:	XF	id:	17633	Trust: 0.6
db:	CNNVD	id:	CNNVD-200412-644	Trust: 0.6
db:	PACKETSTORM	id:	34608	Trust: 0.1

sources: BID: 11346 // PACKETSTORM: 34608 // CNNVD: CNNVD-200412-644 // NVD: CVE-2004-0931

REFERENCES

url:	http://www.idefense.com/application/poi/display?id=150&type=vulnerabilities&flashstatus=false	Trust: 2.2
url:	http://www.securityfocus.com/bid/11346	Trust: 1.6
url:	http://www.secunia.com/advisories/12756	Trust: 1.6
url:	http://www.osvdb.org/10532	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17633	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/17633	Trust: 0.6
url:	http://www.idefense.com/application/poi/display?id=150&type=vulnerabilities	Trust: 0.4
url:	http://www.mysql.com/products/maxdb/	Trust: 0.3
url:	http://lists.netsys.com/full-disclosure-charter.html	Trust: 0.1
url:	http://www.idefense.com/poi/teams/vcp.jsp	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0931	Trust: 0.1
url:	http://cve.mitre.org),	Trust: 0.1

sources: BID: 11346 // PACKETSTORM: 34608 // CNNVD: CNNVD-200412-644 // NVD: CVE-2004-0931

CREDITS

Discovery is credited to Patrik Karlsson.

Trust: 0.9

sources: BID: 11346 // CNNVD: CNNVD-200412-644

SOURCES

db:	BID	id:	11346
db:	PACKETSTORM	id:	34608
db:	CNNVD	id:	CNNVD-200412-644
db:	NVD	id:	CVE-2004-0931

LAST UPDATE DATE

2024-08-14T12:17:47.636000+00:00

SOURCES UPDATE DATE

db:	BID	id:	11346	date:	2009-07-12T07:06:00
db:	CNNVD	id:	CNNVD-200412-644	date:	2006-03-28T00:00:00
db:	NVD	id:	CVE-2004-0931	date:	2017-07-11T01:30:35.307

SOURCES RELEASE DATE

db:	BID	id:	11346	date:	2004-10-07T00:00:00
db:	PACKETSTORM	id:	34608	date:	2004-10-13T05:40:14
db:	CNNVD	id:	CNNVD-200412-644	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-0931	date:	2004-12-31T05:00:00