CVE-2003-0780

Severity

90%

Complexity

80%

Confidentiality

165%

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

CVSS 2.0 Base Score 9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C).

Overview

First reported 21 years ago

2003-09-22 04:00:00

Last updated 5 years ago

2019-12-17 17:11:00

Affected Software

MySQL MySQL 4.1.0

4.1.0

Oracle MySQL 3.23

3.23

Oracle MySQL 3.23.2

3.23.2

Oracle MySQL 3.23.3

3.23.3

Oracle MySQL 3.23.4

3.23.4

Oracle MySQL 3.23.5

3.23.5

Oracle MySQL 3.23.8

3.23.8

Oracle MySQL 3.23.9

3.23.9

Oracle MySQL 3.23.10

3.23.10

Oracle MySQL 3.23.22

3.23.22

Oracle MySQL 3.23.23

3.23.23

Oracle MySQL 3.23.24

3.23.24

Oracle MySQL 3.23.25

3.23.25

Oracle MySQL 3.23.26

3.23.26

Oracle MySQL 3.23.27

3.23.27

Oracle MySQL 3.23.28

3.23.28

Oracle MySQL 3.23.28 Gamma

3.23.28

Oracle MySQL 3.23.29

3.23.29

Oracle MySQL 3.23.30

3.23.30

Oracle MySQL 3.23.31

3.23.31

Oracle MySQL 3.23.32

3.23.32

Oracle MySQL 3.23.33

3.23.33

Oracle MySQL 3.23.34

3.23.34

Oracle MySQL 3.23.36

3.23.36

Oracle MySQL 3.23.37

3.23.37

Oracle MySQL 3.23.38

3.23.38

Oracle MySQL 3.23.39

3.23.39

Oracle MySQL 3.23.40

3.23.40

Oracle MySQL 3.23.41

3.23.41

Oracle MySQL 3.23.42

3.23.42

Oracle MySQL 3.23.43

3.23.43

Oracle MySQL 3.23.44

3.23.44

Oracle MySQL 3.23.45

3.23.45

Oracle MySQL 3.23.46

3.23.46

Oracle MySQL 3.23.47

3.23.47

Oracle MySQL 3.23.48

3.23.48

Oracle MySQL 3.23.49

3.23.49

Oracle MySQL 3.23.50

3.23.50

Oracle MySQL 3.23.51

3.23.51

Oracle MySQL 3.23.52

3.23.52

Oracle MySQL 3.23.53

3.23.53

Oracle MySQL 3.23.53a

3.23.53a

Oracle MySQL 3.23.54

3.23.54

Oracle MySQL 3.23.54a

3.23.54a

Oracle MySQL 3.23.55

3.23.55

Oracle MySQL 3.23.56

3.23.56

Oracle MySQL 4.0.0

4.0.0

Oracle MySQL 4.0.1

4.0.1

Oracle MySQL 4.0.2

4.0.2

Oracle MySQL 4.0.3

4.0.3

Oracle MySQL 4.0.4

4.0.4

Oracle MySQL 4.0.5

4.0.5

Oracle MySQL 4.0.5a

4.0.5a

Oracle MySQL 4.0.6

4.0.6

Oracle MySQL 4.0.7

4.0.7

Oracle MySQL 4.0.7 Gamma

4.0.7

Oracle MySQL 4.0.8

4.0.8

Oracle MySQL 4.0.8 Gamma

4.0.8

Oracle MySQL 4.0.9

4.0.9

Oracle MySQL 4.0.9 Gamma

4.0.9

Oracle MySQL 4.0.10

4.0.10

Oracle MySQL 4.0.11

4.0.11

Oracle MySQL 4.0.11 Gamma

4.0.11

Oracle MySQL 4.0.12

4.0.12

Oracle MySQL 4.0.13

4.0.13

Oracle MySQL 4.0.14

4.0.14

Oracle MySQL 4.1.0 Alpha

4.1.0

Conectiva Conectiva Linux 7.0

7.0

Conectiva Conectiva Linux 8.0

8.0

Conectiva Linux 9.0

9.0

References

CLA-2003:743

20030910 Buffer overflow in MySQL

20030913 exploit for mysql -- [get_salt_from_password] problem

2003-0034

9709

DSA-381

Patch, Vendor Advisory

VU#516492

US Government Resource

MDKSA-2003:094

RHSA-2003:281

Patch, Vendor Advisory

RHSA-2003:282

20030910 Buffer overflow in MySQL

Exploit, Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.