
Update Protection against MySQL COM_FIELD_LIST Packet Buffer Overflow


Check Point Reference: CPAI-2010-140
Date Published:
Severity:
Source: SecurityTracker Alert ID: 1024033
Industry Reference(s): CVE-2010-1850
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
MySQL prior to 5.1.47
Vulnerability Description
A buffer overflow vulnerability was reported in MySQL. The vulnerability is due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. Sending overly long data for the table name overflows a buffer, which an authenticated user could exploit to inject malicious code.
Update/Patch Available
Vendor's advisory
Vulnerability Details
A remote authenticated user can send a COM_FIELD_LIST command packet with a specially crafted table name argument to trigger a buffer overflow and potentially execute arbitrary code on the target system.

Protection Overview
The protection will detect and block MySQL COM_FIELD_LIST commands with overly large table names.
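
The check described above, sketched as an added example (not Check Point's signature and not code from this advisory): it walks client-to-server MySQL packets and flags COM_FIELD_LIST commands whose table name is longer than a limit. The 192-byte limit and the function names are assumptions, and the sample packets are constructed.

```python
COM_FIELD_LIST = 0x04        # MySQL client command byte for COM_FIELD_LIST
MAX_TABLE_NAME_BYTES = 192   # assumed threshold: 64-character identifier, 3 bytes each


def frame(payload, seq=0):
    """Wrap a payload in the MySQL packet header: 3-byte LE length + sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def inspect_stream(data, limit=MAX_TABLE_NAME_BYTES):
    """Return (offset, name_length, reason) for each suspicious COM_FIELD_LIST."""
    findings = []
    offset = 0
    while offset + 4 <= len(data):
        length = int.from_bytes(data[offset:offset + 3], "little")
        seq = data[offset + 3]
        payload = data[offset + 4:offset + 4 + length]
        start, offset = offset, offset + 4 + length
        # A command packet opens a new exchange, so its sequence id is 0.
        # Skipping other ids avoids misreading handshake data as a command.
        if seq != 0 or not payload or payload[0] != COM_FIELD_LIST:
            continue
        # Payload layout: command byte, NUL-terminated table name, field wildcard.
        body = payload[1:]
        nul = body.find(b"\x00")
        name_len = len(body) if nul < 0 else nul
        if name_len > limit:
            findings.append((start, name_len, "table name exceeds limit"))
        elif nul < 0:
            findings.append((start, name_len, "table name not NUL-terminated"))
    return findings


# Constructed sample: a COM_QUERY followed by an ordinary COM_FIELD_LIST.
BENIGN_STREAM = frame(b"\x03SELECT 1") + frame(b"\x04orders\x00%")

if __name__ == "__main__":
    for hit in inspect_stream(BENIGN_STREAM):
        print(hit)
```
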

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Network Security > MySQL Parser, and select the MySQL Vulnerabilities protection group.
3. Click Oracle MySQL Database COM_FIELD_LIST Buffer Overflow Vulnerability (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?

Upon attack, the following entries will be logged:

Alert Name: MySQL Backend
Description: Oracle MySQL Database COM_FIELD_LIST Buffer Overflow Vulnerability