• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MySQL DataDir Parameter Local Buffer Overflow Vulnerability

A vulnerability has been discovered in MySQL.

By supplying an overly long parameter string, in a MySQL configuration file, it is possible to overflow a buffer, resulting in memory corruption.

By exploiting this issue, it may be possible for an attacker to execute arbitrary commands within the context of the SYSTEM user, which is the default process owner.

This vulnerability has been reported to affect MySQL for Windows. It is not known whether other operating environments are vulnerable to this issue.