Message-ID: <20030121103922.B11843@netsys.com>
From: len at netsys.com (Len Rose)
Subject: [serg@...ql.com: Re: MySQL 3.23.54a can be crased with a exploit for 3.23.53]
----- Forwarded message from Sergei Golubchik <serg@...ql.com> -----
Date: Tue, 21 Jan 2003 16:19:42 +0100
From: Sergei Golubchik <serg@...ql.com>
To: Dennis Kruyt <d.kruyt@...nl>
Cc: bugtraq@...urityfocus.com, bugs@...ts.mysql.com, mysql@...ts.mysql.com
Subject: Re: MySQL 3.23.54a can be crased with a exploit for 3.23.53
Mail-Followup-To: Dennis Kruyt <d.kruyt@...nl>, bugtraq@...urityfocus.com,
bugs@...ts.mysql.com, mysql@...ts.mysql.com
In-Reply-To: <1A231876B7149843A53D220337C84A0009DA85@...hange-test.office.zx.nl>
User-Agent: Mutt/1.5.1i
Hi!
On Jan 21, Dennis Kruyt wrote:
> Hi,
>
> When I try the hoagie_mysql exploit from http://void.at/releases.html
> on a 3.23.54a MySQL server (which should be safe) then I can crash the
> database with this.
>
> How did I do it?
>
> I start hoagie_mysql with a valid db user (not root). Then press ctrl-c
> (abort) and start the tool again. Now the tool has reported that the
> attack has failed. But the MySQL db is restarted if I look in the error
> log and some normal connections to the database then will fail. I have
> tried it on several servers with success.

You should've contacted us (using security@...ql.com) first
so we'd be able to release a fixed version :(

Anyway, this is fixed. 3.23.55 will be released soon.
For the impatient, there's our bk tree, available publicly

Thanks for the bug report.

Regards,
Sergei
--
MySQL Development Team
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg@...ql.com>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
/_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany
<___/
----- End forwarded message -----