CVE-2002-0969

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*

History

20 Nov 2024, 23:40

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html - Broken Link, Exploit, Patch, Vendor Advisory () http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html - Broken Link, Exploit, Patch, Vendor Advisory
References () http://marc.info/?l=bugtraq&m=103358628011935&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=103358628011935&w=2 - Mailing List
References () http://www.iss.net/security_center/static/10243.php - Broken Link, Vendor Advisory () http://www.iss.net/security_center/static/10243.php - Broken Link, Vendor Advisory
References () http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x - Broken Link () http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x - Broken Link
References () http://www.securityfocus.com/bid/5853 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/5853 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt - Broken Link () http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt - Broken Link

26 Jan 2024, 17:19

Type Values Removed Values Added
CVSS v2 : 4.6
v3 : unknown
v2 : 4.6
v3 : 7.8
CWE NVD-CWE-Other CWE-120
References (MISC) http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt - (MISC) http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt - Broken Link
References (BID) http://www.securityfocus.com/bid/5853 - (BID) http://www.securityfocus.com/bid/5853 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x - (CONFIRM) http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x - Broken Link
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=103358628011935&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=103358628011935&w=2 - Mailing List
References (XF) http://www.iss.net/security_center/static/10243.php - Vendor Advisory (XF) http://www.iss.net/security_center/static/10243.php - Broken Link, Vendor Advisory
References (VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html - Exploit, Patch, Vendor Advisory (VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html - Broken Link, Exploit, Patch, Vendor Advisory
CPE cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*

Information

Published : 2002-10-11 04:00

Updated : 2024-11-20 23:40


NVD link : CVE-2002-0969

Mitre link : CVE-2002-0969

CVE.ORG link : CVE-2002-0969


JSON object : View

Products Affected

microsoft

  • windows

oracle

  • mysql
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')