Vulnerability Details : CVE-2003-0780
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
Vulnerability category: OverflowExecute code
Products affected by CVE-2003-0780
- cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
Threat overview for CVE-2003-0780
Top countries where our scanners detected CVE-2003-0780
Top open port discovered on systems with this issue
3306
IPs affected by CVE-2003-0780 850
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2003-0780!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2003-0780
91.45%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0780
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
References for CVE-2003-0780
-
http://www.redhat.com/support/errata/RHSA-2003-282.html
-
http://www.securityfocus.com/archive/1/337012
Exploit;Patch;Vendor Advisory
-
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009819.html
-
http://www.kb.cert.org/vuls/id/516492
US Government Resource
-
http://www.mandriva.com/security/advisories?name=MDKSA-2003:094
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
-
http://marc.info/?l=bugtraq&m=106364207129993&w=2
-
http://www.debian.org/security/2003/dsa-381
Patch;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2003-281.html
Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=106381424420775&w=2
Jump to