{"vuid":"VU#645326","idnumber":"645326","name":"MySQL fails to properly handle overly long \"scramble\" values","keywords":["MySQL","buffer overflow","my_rnd() function","scramble value"],"overview":"There is a buffer overflow vulnerability in the way MySQL handles overly long \"scramble\" strings, which could allow an attacker to cause a denial of service or potentially execute arbitrary code.","clean_desc":"MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems. There is a vulnerability in MySQL in which an overly long \"scramble\" string generated by the my_rnd() function could cause a buffer overflow to occur. It has been reported that versions 4.1 prior to 4.1.3 and version 5.0 are affected.","impact":"A remote, unauthenticated attacker could cause a denial of service or potentially execute code of the attacker's choice.","resolution":"Upgrade\nAccording to the NGSSoftware Security Advisory, this vulnerability has been fixed in version 4.1.3 (Beta) and version 5.0 (Alpha).\nNote: Users should exercise caution before installing beta or alpha releases.","workarounds":"Restrict access\nBlock or restrict access to the MySQL service (typically 3306/tcp) from untrusted networks such as the Internet.","sysaffected":"","thanks":"This vulnerability was reported by Chris Anley of NGSSoftware.","author":"This document was written by Damon Morda.","public":["http://www.nextgenss.com/advisories/mysql-authbypass.txt","http://secunia.com/advisories/12020/","http://www.securitytracker.com/alerts/2004/Jul/1010645.html","http://xforce.iss.net/xforce/xfdb/16612"],"cveids":["CVE-2004-0628"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-07-07T15:55:23Z","publicdate":"2004-07-01T00:00:00Z","datefirstpublished":"2004-07-12T21:10:30Z","dateupdated":"2004-07-21T18:13:28Z","revision":15,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"5","cam_impact":"7","cam_easeofexploitation":"10","cam_attackeraccessrequired":"17","cam_scorecurrent":"2.23125","cam_scorecurrentwidelyknown":"2.7890625","cam_scorecurrentwidelyknownexploited":"5.0203125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.23125,"vulnote":null}