CVE-2002-0969 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2002-0969?

CVE-2002-0969 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2002-0969?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Microsoft Windows.

Vulnerability Description

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oracle	Mysql	< 3.23.50
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-120

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.htmlBroken LinkExploitPatch
http://marc.info/?l=bugtraq&m=103358628011935&w=2Mailing List
http://www.iss.net/security_center/static/10243.phpBroken LinkVendor Advisory
http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.xBroken Link
http://www.securityfocus.com/bid/5853Broken LinkThird Party AdvisoryVDB Entry
http://www.westpoint.ltd.uk/advisories/wp-02-0003.txtBroken Link
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.htmlBroken LinkExploitPatch
http://marc.info/?l=bugtraq&m=103358628011935&w=2Mailing List
http://www.iss.net/security_center/static/10243.phpBroken LinkVendor Advisory
http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.xBroken Link
http://www.securityfocus.com/bid/5853Broken LinkThird Party AdvisoryVDB Entry
http://www.westpoint.ltd.uk/advisories/wp-02-0003.txtBroken Link

FAQ

What is CVE-2002-0969?

CVE-2002-0969 is a vulnerability with a CVSS score of 7.8 (HIGH). Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini init...

How severe is CVE-2002-0969?

CVE-2002-0969 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-0969?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Microsoft Windows.