Oracle MySQL Database BO (May 21, 2010)

MySQL is an open-source implementation of a relational database. The database uses the MySQL protocol to communicate with clients over the network. MySQL has a number of built-in SQL functions which are designed to help users with the task of querying and updating it.

The server listens for connections on TCP port 3306 by default. Interaction with the database starts after a client is successfully authenticated. The protocol relies on a generic request/response scheme wherein the client sends SQL queries and receives the resulting data sets. All packets share the following common 4-byte header:

 Bytes  Name
 -----  -----------------
 3      Packet Length (n)
 1      Packet Number
 n      Packet Data

The connection enters request/response mode after successful authentication. In every request, the first byte of the packet data is the command code.

A buffer overflow vulnerability exists in the MySQL database server. It is caused by missing input validation in the check_if_table_exists function, which copies user-supplied data from a request into a fixed-size stack buffer without validating the length of the source data. As a result, critical stack data can be overwritten, allowing arbitrary code execution.

A remote authenticated attacker can exploit this vulnerability by sending a crafted request to a target server. The requirement for successful authentication mitigates the impact of the vulnerability. Successful exploitation may lead to process flow diversion.

SonicWall has released an IPS signature to address a specific exploit targeting this vulnerability. The following signature addresses this vulnerability:

  • 5366 – MySQL COM_FIELD_LIST BO PoC
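An added example (not SonicWall's signature and not code from this advisory): a passive check that walks the 4-byte packet headers described above and flags COM_FIELD_LIST requests, the command named in the signature, whose table name is implausibly long. Assumptions: the input is the plaintext, uncompressed client-to-server stream after authentication; the length field is little-endian and the command codes are those of the MySQL client/server protocol; the 192-byte threshold is an assumed value based on MySQL's 64-character identifier limit, not a figure from the advisory; all function names are hypothetical.

```python
COM_QUERY = 0x03             # command codes from the MySQL client/server protocol
COM_FIELD_LIST = 0x04
MAX_TABLE_NAME_BYTES = 192   # assumed threshold: 64-character identifier limit x 3 bytes

def parse_packets(stream: bytes):
    """Yield (packet_number, data) for each complete packet in a client byte stream."""
    offset = 0
    while offset + 4 <= len(stream):
        # Header: 3-byte little-endian length, then 1-byte packet number.
        length = int.from_bytes(stream[offset:offset + 3], "little")
        number = stream[offset + 3]
        data = stream[offset + 4:offset + 4 + length]
        if len(data) < length:   # truncated capture: stop rather than guess
            break
        yield number, data
        offset += 4 + length

def oversized_field_list(stream: bytes, limit: int = MAX_TABLE_NAME_BYTES):
    """Return [(packet_index, table_name_length)] for suspicious COM_FIELD_LIST requests."""
    hits = []
    for index, (_number, data) in enumerate(parse_packets(stream)):
        if not data or data[0] != COM_FIELD_LIST:
            continue
        body = data[1:]
        # The table name is NUL-terminated; with no terminator the whole body is the name.
        end = body.find(b"\x00")
        name_len = len(body) if end == -1 else end
        if name_len > limit:
            hits.append((index, name_len))
    return hits

def frame(number: int, data: bytes) -> bytes:
    """Build one packet for the constructed samples below."""
    return len(data).to_bytes(3, "little") + bytes([number]) + data

# Constructed samples (not captured traffic): a query, a normal field list, an oversized one.
SAMPLE = (
    frame(0, bytes([COM_QUERY]) + b"SELECT 1")
    + frame(0, bytes([COM_FIELD_LIST]) + b"orders\x00%")
    + frame(0, bytes([COM_FIELD_LIST]) + b"t" * 600 + b"\x00")
)

if __name__ == "__main__":
    for index, name_len in oversized_field_list(SAMPLE):
        print(f"packet {index}: COM_FIELD_LIST table name is {name_len} bytes")
```

Tune the threshold to the longest table name your applications legitimately use; the check cannot see traffic that is TLS-encrypted or uses protocol compression.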

MITRE has assigned this vulnerability the identifier CVE-2010-1850.
