CVE-2003-0780

MySQL 4.0.14 and 3.23.x - Authenticated Buffer Overflow via Long Password Field

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0780. PoCs published by bkbll and Frank DENIS.

AI-analyzed exploit summary: both PoCs need an account that can ALTER the mysql.user table (in practice root). They widen the Password column, store an oversized value in it and make the server reload the grant tables, at which point get_salt_from_password copies the value into a fixed-size salt array without a bound check. The bkbll exploit (C, remote) places shellcode in that value and reaches code execution; the Frank DENIS text PoC uses a filler string and demonstrates the crash.

Description

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

Exploits (2)

exploitdb · Working PoC · Verified
by bkbll · C · remote · linux
https://www.exploit-db.com/exploits/98

This exploit targets the buffer overflow in MySQL 3.23.x/4.0.x by placing shellcode in the mysql.user Password field (after widening the column with ALTER TABLE) and triggering the overflow in get_salt_from_password when the server re-reads the row. It combines SQL statements with out-of-band (OOB) data to trigger the overflow and obtain remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MySQL 3.23.x/4.0.x
Auth required
Prerequisites: Valid MySQL root credentials · Network access to the MySQL server
devstral-2 · analyzed Feb 16, 2026
exploitdb · Working PoC · Verified
by Frank DENIS · text · dos · linux
https://www.exploit-db.com/exploits/23138

This text PoC demonstrates the overflow when the server handles an oversized Password value. With ALTER TABLE privilege on mysql.user, the attacker changes the Password column to LONGTEXT, UPDATEs it with a string far longer than the 16-character hash the code expects, and makes the server reload the grant tables (FLUSH PRIVILEGES or a restart); get_salt_from_password then writes one word per 8 characters of the value into a fixed-size salt array with no bound check. The published PoC stops at crashing mysqld; the same overrun can be driven to arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: MySQL server (versions affected by CVE-2003-0780)
Auth required
Prerequisites: An account with ALTER TABLE privilege on mysql.user (in practice root)
devstral-2 · analyzed Feb 16, 2026
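The mechanism both PoCs rely on, as an added illustration written for this page rather than code from MySQL or from either exploit author. The salt loop below is modelled on the pattern the advisory describes (one 32-bit word per 8 hash characters, with the number of words taken from the input rather than from the destination); SALT_WORDS, HASH_LEN, the function names and the sample values are assumptions for the 3.23/4.0 16-hex-digit password format, and the hardened variant is the natural length check, not a claim about the vendor's exact patch.

```c
/* Illustrative model of CVE-2003-0780, written for this page. Not MySQL source. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SALT_WORDS 2                 /* assumed capacity of the per-user salt array */
#define HASH_LEN   (SALT_WORDS * 8)  /* 16 hex digits: the pre-4.1 scrambled hash */

/* hex digit -> value; anything else maps to 0, as a lenient scrambler would */
static uint32_t char_val(char c)
{
    if (c >= '0' && c <= '9') return (uint32_t)(c - '0');
    if (c >= 'a' && c <= 'f') return (uint32_t)(c - 'a' + 10);
    if (c >= 'A' && c <= 'F') return (uint32_t)(c - 'A' + 10);
    return 0;
}

/* Pack 8 characters into one salt word (the inner loop of the original). */
static uint32_t pack8(const char *p)
{
    uint32_t val = 0;
    for (int i = 0; i < 8; i++)
        val = (val << 4) + char_val(p[i]);
    return val;
}

/* Words the unbounded loop writes for an n-character Password value.
 * The vulnerable loop consumes 8 characters per iteration and keeps going
 * while characters remain, so the write count is ceil(n / 8) and never
 * consults the destination size; lengths that are not a multiple of 8 also
 * read past the terminator. REPEAT('A',1000) yields 125 words for a 2-word array. */
size_t salt_words_for_length(size_t n)
{
    return (n + 7) / 8;
}

size_t salt_words_written(const char *password)
{
    return password ? salt_words_for_length(strlen(password)) : 0;
}

/* 1 if loading this Password value would overrun the salt array. */
int salt_overflows(const char *password)
{
    return salt_words_written(password) > SALT_WORDS;
}

/* Hardened variant: accept only an empty password or an exactly HASH_LEN
 * character hash, then write exactly SALT_WORDS words. 0 on success, -1 if
 * the row is rejected (which is what a widened LONGTEXT column produces). */
int get_salt_checked(uint32_t res[SALT_WORDS], const char *password)
{
    for (size_t w = 0; w < SALT_WORDS; w++) res[w] = 0;
    if (password == NULL || password[0] == '\0') return 0;   /* no password set */
    if (strlen(password) != HASH_LEN) return -1;            /* oversized value */
    for (size_t w = 0; w < SALT_WORDS; w++)
        res[w] = pack8(password + 8 * w);
    return 0;
}

/* Helpers for the demo: load REPEAT('A', n) through the checked path, and read
 * back one word of a checked load (0xFFFFFFFF when the value was rejected). */
int checked_load_repeat(size_t n)
{
    char *value = malloc(n + 1);          /* constructed attacker value */
    memset(value, 'A', n);
    value[n] = '\0';
    uint32_t salt[SALT_WORDS];
    int rc = get_salt_checked(salt, value);
    free(value);
    return rc;
}

uint32_t checked_salt_word(const char *password, size_t idx)
{
    uint32_t salt[SALT_WORDS];
    if (get_salt_checked(salt, password) != 0 || idx >= SALT_WORDS) return 0xFFFFFFFFu;
    return salt[idx];
}

int main(void)
{
    const char *normal = "5d2e19393cc5ef67";   /* constructed 16-digit sample, not a real hash */
    printf("normal: %zu words, overflow=%d, checked=%d\n",
           salt_words_written(normal), salt_overflows(normal), checked_load_repeat(16));
    printf("REPEAT('A',1000): %zu words, overflow=%d, checked=%d\n",
           salt_words_for_length(1000), (int)(salt_words_for_length(1000) > SALT_WORDS),
           checked_load_repeat(1000));
    return 0;
}
```

The write count is the whole story: the destination never enters the calculation, so a 1000-byte value from the widened column produces 125 words where two fit, and the length check is what turns that into a rejected row instead of an overrun.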

References (11)

Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-282.html
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:094
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106364207129993&w=2
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-381
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/516492
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-281.html
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/337012
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/9709
Mailing List vendor-advisory x_refsource_trustix
http://marc.info/?l=bugtraq&m=106381424420775&w=2

Scores

EPSS 0.7086
EPSS Percentile 98.7%

Details

Status published
Products (49)
conectiva/linux 7.0
conectiva/linux 8.0
conectiva/linux 9.0
mysql/mysql 4.1.0
oracle/mysql 3.23
oracle/mysql 3.23.2
oracle/mysql 3.23.3
oracle/mysql 3.23.4
oracle/mysql 3.23.5
oracle/mysql 3.23.8
... and 39 more
Published Sep 22, 2003
Tracked Since Feb 18, 2026