Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
Remote / Network Access
Loss of Integrity
MaxDB Webtool contains a flaw that may allow a malicious attacker to execute arbitrary code. The issue is triggered when the getIfHeader() function fails to properly limit user-supplied input, allowing for a buffer overflow. With a specially crafted request, an attacker may be able to overflow the buffer with custom code that would be executed with the same privileges as the Webtool.
Upgrade to version 7.5.00.26 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
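For hosts that cannot be upgraded immediately, a proxy or log pipeline in front of the Webtool can flag the request shape described above. The following is an added example, not code from MaxDB or from this advisory: it parses a raw HTTP request head and reports UNLOCK requests whose "If" header exceeds a length limit. The 1024-byte limit, the function names, the host and the paths are assumptions; the advisory does not state the size of the affected buffer.

```python
# Added example: flag WebDAV UNLOCK requests whose "If" header is unusually long.
# MAX_IF_LEN is an assumed threshold; the advisory does not state the buffer size.
MAX_IF_LEN = 1024


def parse_request(raw: bytes):
    """Return (method, headers) from a raw HTTP/1.x request head.

    headers maps lower-cased names to a list of values; obsolete folded
    continuation lines (leading space or tab) are joined to the previous value.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers, last = {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last is not None:
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # malformed header line, ignore it
        last = name.strip().lower()
        headers.setdefault(last, []).append(value.strip())
    return method, headers


def oversized_if_header(raw: bytes, limit: int = MAX_IF_LEN):
    """Return the longest If header length when an UNLOCK request exceeds limit, else None."""
    method, headers = parse_request(raw)
    if method != "UNLOCK":
        return None
    longest = max((len(v) for v in headers.get("if", [])), default=0)
    return longest if longest > limit else None


# Constructed sample requests (not captured traffic); host and paths are placeholders.
NORMAL = (b"UNLOCK /webdav/doc.txt HTTP/1.1\r\nHost: db.example\r\n"
          b"If: (<opaquelocktoken:constructed-token>)\r\n\r\n")
LONG = (b"UNLOCK /webdav/doc.txt HTTP/1.1\r\nHost: db.example\r\n"
        b"If: (<" + b"x" * 4000 + b">)\r\n\r\n")
FOLDED = (b"UNLOCK /webdav/doc.txt HTTP/1.1\r\nHost: db.example\r\n"
          b"if: (<" + b"x" * 600 + b"\r\n\t" + b"x" * 600 + b">)\r\n\r\n")
OTHER = b"GET /webdav/doc.txt HTTP/1.1\r\nIf: " + b"x" * 4000 + b"\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("normal", NORMAL), ("long", LONG), ("folded", FOLDED), ("other", OTHER)]:
        print(name, oversized_if_header(req))
```

The header name is matched case-insensitively and folded continuation lines are joined before measuring, so a value split across lines is still counted at its full length.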