Category:   Application (Database)  >   libmysqlclient Vendors:
MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
SecurityTracker Alert ID:  1006976
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 13 2003
Impact:   Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network

Version(s): 4.x and prior versions
Description:   A buffer overflow vulnerability was reported in the MySQL libmysqlclient software. A remote or local user may be able to cause arbitrary code to be executed or cause an application to crash, depending on how the application uses the vulnerable libmysqlclient library.

SCAN Associates reported that the mysql_real_connect() function contains a buffer overflow. A UNIX socket name greater than 300 characters can trigger the overflow and potentially execute arbitrary code.

A demonstration exploit example is provided:

mysql -S `perl -e 'print "A" x 350'` -hlocalhost

The extent to which this flaw can be exploited depends on the application that uses the affected function call. In some applications, a remote or local user may be able to cause the application to execute arbitrary code.

The vendor has reportedly been notified (on June 1, 2003).

Impact:   The impact depends on the application that uses the vulnerable function call. In some implementations, it may be possible for a remote or local user to execute arbitrary code on the target application.
Solution:   No solution was available at the time of this entry. The vendor reportedly plans to issue a fix soon.
Vendor URL:
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.
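
With no fix available, an application that passes a user-influenced socket name to the library can reject over-long names itself. The following is an added example, not code from MySQL or from the advisory: it shows the general bounded-copy pattern for a UNIX socket name, and the helper name set_unix_socket_path() and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper, not part of libmysqlclient: copy a caller-supplied
 * UNIX socket name into a sockaddr_un only if it fits sun_path.
 * Returns 0 on success, -1 with errno set when the name is rejected. */
int set_unix_socket_path(struct sockaddr_un *addr, const char *path)
{
    const size_t cap = sizeof(addr->sun_path);  /* 108 bytes on Linux */
    size_t len = 0;

    if (addr == NULL || path == NULL || path[0] == '\0') {
        errno = EINVAL;
        return -1;
    }
    /* Measure the name without ever reading past `cap` bytes. */
    while (len < cap && path[len] != '\0')
        len++;
    if (len == cap) {               /* name plus its NUL does not fit */
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, len + 1);      /* length validated above */
    return 0;
}

int main(void)
{
    struct sockaddr_un addr;
    char long_name[351];            /* constructed input: 350 'A' bytes */

    memset(long_name, 'A', 350);
    long_name[350] = '\0';

    printf("/tmp/mysql.sock -> %d\n",
           set_unix_socket_path(&addr, "/tmp/mysql.sock"));
    printf("350-byte name   -> %d\n",
           set_unix_socket_path(&addr, long_name));
    return 0;
}
```

The check rejects the name before any copy takes place, so the destination structure is left untouched on failure.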

 Source Message Contents

Subject:  [Full-Disclosure] libmysqlclient 4.x and below mysql_real_connect() buffer overflow.

SCAN Associates Sdn Bhd Security Advisory

Products: libmysqlclient 4.x and below (
Date: 12 June 2003
Author:  pokleyzz <>

Summary: libmysqlclient 4.x and below mysql_real_connect() buffer overflow.

libmysqlclient is a client library to communicate with the mysql server.

There is a stack buffer overflow in the mysql_real_connect() function with a
long unix socket name (over 300 characters).

	mysql -S `perl -e 'print "A" x 350'` -hlocalhost

proof of concept
This bug has been successfully tested on safe_mode php in our latest geeklog bug where a user can upload a
*.php file.

    for ($i;$i<350;$i++)
    	$buff .= "A";
    mysql_connect("localhost", "blabla", "blabla");

Vendor Response 
Vendor has been contacted on 06/01/2003 and a fix will be available soon.
