MySQL password handler exploit v1.12

Vulnerability exploited: CAN-2003-0780 - BID-8590

Category: Exploits/Remote

This module installs a level0 agent by exploiting a stack-based buffer overflow in MySQL Server.
MySQL Server is prone to a buffer overflow when handling user password hashes of excessive length. The issue exists because the routine that decodes a stored password (get_salt_from_password() in sql_acl.cc) performs no bounds checking on its input: a Password value longer than 16 characters overruns a fixed-size buffer in memory and corrupts adjacent memory. An attacker who already holds global administrative privileges on an affected MySQL server, and can therefore store an overlong value in the Password field of the mysql.user table, may exploit this condition to have arbitrary supplied instructions executed in the context of the MySQL server process. The flaw is fixed in MySQL 3.23.58 and 4.0.15. This exploit takes advantage of the described vulnerability in order to install a level0 agent.
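The following C program is an added illustration written for this page; it is not MySQL's source code and not part of the module. It models the defect class described above: the stored password hash is a 16-character hex string that decodes into two 32-bit words of "salt", and a decoder whose loop is bounded by the string terminator rather than by the size of its output buffer emits one extra word for every further 8 characters. The vulnerable form is written to report how many words it wrote (and the demo hands it an oversized scratch buffer so it cannot corrupt anything); the hardened form next to it rejects any value that is not exactly 16 hex digits before it touches the output. The input strings are constructed for the demo; the function and constant names are this example's own.

```c
/*
 * Added illustrative example, not MySQL's code: a reduced model of the
 * overflow pattern behind CAN-2003-0780. SCRAMBLE_LENGTH and SALT_WORDS are
 * this example's own names.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCRAMBLE_LENGTH 16             /* 16 hex digits = two 32-bit words */
#define SALT_WORDS (SCRAMBLE_LENGTH / 8)

static int is_hex(char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
}

/* Hex digit to value; anything else maps to 0, as a permissive decoder would. */
static uint32_t hex_val(char c)
{
    if (c >= '0' && c <= '9') return (uint32_t)(c - '0');
    if (c >= 'a' && c <= 'f') return (uint32_t)(c - 'a' + 10);
    if (c >= 'A' && c <= 'F') return (uint32_t)(c - 'A' + 10);
    return 0;
}

/*
 * Vulnerable pattern: the outer loop runs until the NUL terminator, not until
 * 'res' is full, so an input longer than 16 characters writes past a
 * SALT_WORDS-sized buffer. Returns the number of words written so the caller
 * can observe the overrun.
 */
size_t salt_from_password_unsafe(uint32_t *res, const char *password)
{
    size_t written = 0;
    while (*password) {
        uint32_t val = 0;
        for (int i = 0; i < 8 && *password; i++)
            val = (val << 4) + hex_val(*password++);
        res[written++] = val;          /* no check against SALT_WORDS */
    }
    return written;
}

/*
 * Hardened form: validate length and character set first, then index the
 * output by a bound derived from its declared size, never by input length.
 * Returns 0 on success, -1 on malformed input (nothing is written then).
 */
int salt_from_password_safe(uint32_t res[SALT_WORDS], const char *password)
{
    if (password == NULL || strlen(password) != SCRAMBLE_LENGTH)
        return -1;
    for (size_t i = 0; i < SCRAMBLE_LENGTH; i++)
        if (!is_hex(password[i]))
            return -1;
    for (size_t w = 0; w < SALT_WORDS; w++) {
        uint32_t val = 0;
        for (int i = 0; i < 8; i++)
            val = (val << 4) + hex_val(password[w * 8 + i]);
        res[w] = val;
    }
    return 0;
}

/* Both decoders must agree on a well-formed value; the fix changes no valid result. */
int decoders_agree(const char *password)
{
    uint32_t a[4] = {0}, b[SALT_WORDS] = {0};
    if (salt_from_password_safe(b, password) != 0) return 0;
    if (salt_from_password_unsafe(a, password) != SALT_WORDS) return 0;
    return memcmp(a, b, sizeof b) == 0;
}

int main(void)
{
    /* Constructed inputs: a well-formed 16-digit hash and a 24-digit one. */
    const char *ok  = "5d2e19393cc5ef67";
    const char *bad = "5d2e19393cc5ef67deadbeef";
    uint32_t scratch[4];               /* oversized on purpose so the demo cannot crash */
    uint32_t salt[SALT_WORDS];

    size_t n = salt_from_password_unsafe(scratch, bad);
    printf("unsafe decoder wrote %zu words into what should be a %d-word salt\n", n, SALT_WORDS);
    printf("safe decoder on 16 digits: %d\n", salt_from_password_safe(salt, ok));
    printf("safe decoder on 24 digits: %d\n", salt_from_password_safe(salt, bad));
    printf("decoders agree on valid input: %d\n", decoders_agree(ok));
    return 0;
}
```

The point of the hardened version is the ordering: length and character-set checks happen before any write, and the write loop is driven by SALT_WORDS rather than by how much input arrived. Applied to the real server, that is the difference between an overlong Password row being rejected and the same row corrupting adjacent memory when the grant tables are reloaded.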

Supported Systems:
    Windows 2000 Server - sp0 (i386)
    Windows 2000 Server - sp1 (i386)
    Windows 2000 Server - sp2 (i386)
    Windows 2000 Server - sp3 (i386)
    Windows 2000 Server - sp4 (i386)
    Windows 2000 Advanced Server - sp0 (i386)
    Windows 2000 Advanced Server - sp1 (i386)
    Windows 2000 Advanced Server - sp2 (i386)
    Windows 2000 Advanced Server - sp3 (i386)
    Windows 2000 Advanced Server - sp4 (i386)
    Windows 2000 Professional - sp0 (i386)
    Windows 2000 Professional - sp1 (i386)
    Windows 2000 Professional - sp2 (i386)
    Windows 2000 Professional - sp3 (i386)
    Windows 2000 Professional - sp4 (i386)
    Windows XP Professional - sp0 (i386)
    Windows XP Professional - sp1 (i386)
    Windows XP Home Edition - sp0 (i386)
    Windows XP Home Edition - sp1 (i386)
    MySQL 3.23.42
    MySQL 3.23.43
    MySQL 3.23.44
    MySQL 3.23.45
    MySQL 3.23.46
    MySQL 3.23.46a
    MySQL 3.23.47
    MySQL 3.23.48
    MySQL 3.23.49
    MySQL 3.23.51
    MySQL 3.23.52
    MySQL 3.23.53
    MySQL 3.23.54
    MySQL 3.23.55
    MySQL 3.23.56
    MySQL 3.23.57
    MySQL 4.0.0-alpha
    MySQL 4.0.1-alpha
    MySQL 4.0.10-gamma
    MySQL 4.0.12
    MySQL 4.0.13
    MySQL 4.0.14


This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.