{"vuid":"VU#367320","idnumber":"367320","name":"MySQL monitor drop database command contains buffer overflow","keywords":["MySQL","mysqld","monitor","drop database"],"overview":"MySQL is a popular open source database package. It contains a buffer overflow in the code that processes drop database commands.","clean_desc":"The MySQL server, mysqld, contains a buffer overflow in the code used to process drop database requests. By carefully crafting a MySQL drop database request, such as through the mysql client, an intruder may be able to execute arbitrary code with the privileges of the MySQL server. If a MySQL database is available over the internet (e.g. through mysqld or through a web page), a remote intruder may be able to exploit this vulnerability. See also VU#123384.","impact":"Attackers able to authenticate to a MySQL database may be able to execute code with the privileges of the mysql server.","resolution":"Upgrade to MySQL version 3.23.33 or later.","workarounds":"","sysaffected":"","thanks":"Our thanks to Joao Gouveia who discovered this vulnerability and posted it to the securityfocus.com BugTraq mailing list on February 9, 2001.","author":"This document was written by Shawn V. Hernan.","public":["http://www.securityfocus.com/archive/1/161917","http://www.mysql.com/doc/N/e/News-3.23.33.html","http://www.mysql.com/doc/D/R/DROP_DATABASE.html","http://www.kb.cert.org/vuls/id/123384"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-02-14T23:58:10Z","publicdate":"2001-02-09T00:00:00Z","datefirstpublished":"2001-02-18T03:58:15Z","dateupdated":"2001-02-18T03:58:42Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"15","cam_attackeraccessrequired":"14","cam_scorecurrent":"17.71875","cam_scorecurrentwidelyknown":"21.2625","cam_scorecurrentwidelyknownexploited":"35.4375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.71875,"vulnote":null}