CVE-2002-1375

MySQL 3.x < 3.23.54 and 4.x <= 4.0.6 - Remote Code Execution via COM_CHANGE_USER Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1375. PoCs published by Stefan Esser.

AI-analyzed exploit summary The writeup describes a memory corruption vulnerability in MySQL's COM_CHANGE_USER command due to insufficient bounds checking during password authentication. An attacker with valid database credentials could potentially overwrite the saved instruction pointer to execute arbitrary code in the context of the MySQL server process.

Description

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Stefan Esser · textremoteunix

https://www.exploit-db.com/exploits/22085

View Code ZIP pw:eip

The writeup describes a memory corruption vulnerability in MySQL's COM_CHANGE_USER command due to insufficient bounds checking during password authentication. An attacker with valid database credentials could potentially overwrite the saved instruction pointer to execute arbitrary code in the context of the MySQL server process.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: MySQL (version not specified)

Auth required

Prerequisites: Valid database user account · Ability to issue COM_CHANGE_USER command

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=103971644013961&w=2

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=104005886114500&w=2

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555

Patch, Vendor Advisory vendor-advisory x_refsource_engarde

http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html

Various Sources x_refsource_misc

http://security.e-matters.de/advisories/042002.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2002/dsa-212

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2002-288.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/10848

Various Sources vendor-advisory x_refsource_mandrake

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2003-166.html

Mailing List vendor-advisory x_refsource_gentoo

http://marc.info/?l=bugtraq&m=104004857201968&w=2

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2003_003_mysql.html

Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6375

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2002-289.html

Various Sources vendor-advisory x_refsource_trustix

http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt

Third Party Advisory, VDB Entry vendor-advisory x_refsource_immunix

http://www.securityfocus.com/advisories/5269

Scores

EPSS 0.2351

EPSS Percentile 97.5%

Details

Status published

Products (50)

oracle/mysql 3.22.26

oracle/mysql 3.22.27

oracle/mysql 3.22.28

oracle/mysql 3.22.29

oracle/mysql 3.22.30

oracle/mysql 3.22.32

oracle/mysql 3.23.2

oracle/mysql 3.23.3

oracle/mysql 3.23.4

oracle/mysql 3.23.5

... and 40 more

Published Dec 23, 2002

Tracked Since Feb 18, 2026