Bugtraq mailing list archives
Re: MSQL 2.0.1 Bug
From: dglo () SSEC WISC EDU (Dave Glowacki)
Date: Wed, 13 Aug 1997 10:12:06 -0500
Msql v2.0.1 can be killed off by telnetting into the port running msql on a remote system and pressing Ctrl-C. May require pressing Ctrl-C a few times... The msql server receives a kill sig and dies off.
Actually, the server receives an out-of-band msg inline, tries to translate it into a 4-byte integer (ending up with a very large negative number) and then uses that offset to set the "end" of the string to 0, causing a SIGSEGV. The following patch adds code which checks for a negative offset and, if found, returns an error. *** net.c 1997/08/13 14:25:44 1.1 --- net.c 1997/08/13 14:36:39 *************** *** 158,163 **** --- 158,169 ---- alarm(0); return(-1); } + if (len < 0) + { + fprintf(stderr,"Packet too small (%d)\n", len); + alarm(0); + return(-1); + } remain = len; offset = 0; while(remain > 0)
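Review bot: the added `if (len < 0)` test covers only the lower bound, and the context above it ends in an earlier `return(-1)` whose condition is not visible, so please confirm that check caps `len` at the size of the receive buffer before `remain = len` drives the read loop. A length of 0 also passes the new test and skips `while(remain > 0)` entirely; if an empty packet is not valid, use `len <= 0`. The message "Packet too small" misdescribes a negative length field; "Invalid packet length (%d)" would be clearer for whoever reads the server log.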
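The failure described in this reply, as an added example that is not part of the original post or of mSQL's source: four stray telnet bytes decode to a negative length, and a bounds check rejects them before the length is used as a terminator offset. The byte order, buffer size, function names and sample bytes are assumptions constructed for illustration, and the upper-bound check goes beyond what the patch adds.

```c
#include <stdint.h>
#include <stdio.h>

#define PKT_BUF_SIZE 1024  /* assumed buffer size, not taken from mSQL */

/* Constructed samples: telnet IAC IP + IAC DM, a 5-byte and a 1024-byte header. */
static const unsigned char TELNET_INTR[4] = {0xFF, 0xF4, 0xFF, 0xF2};
static const unsigned char VALID_HDR[4]   = {0x05, 0x00, 0x00, 0x00};
static const unsigned char HUGE_HDR[4]    = {0x00, 0x04, 0x00, 0x00};

/* Decode a signed 32-bit length; little-endian order is an assumption. */
static int32_t decode_len(const unsigned char hdr[4])
{
    uint32_t v = (uint32_t)hdr[0] | ((uint32_t)hdr[1] << 8) |
                 ((uint32_t)hdr[2] << 16) | ((uint32_t)hdr[3] << 24);
    return (v & 0x80000000u) ? -(int32_t)(~v) - 1 : (int32_t)v;
}

/* Return the payload length, or -1 if the header must be rejected. */
static int checked_len(const unsigned char hdr[4], size_t buf_size)
{
    int32_t len = decode_len(hdr);
    if (len < 0)                  /* the case the patch rejects */
        return -1;
    if ((size_t)len >= buf_size)  /* keep room for the terminating NUL */
        return -1;
    return (int)len;
}

/* NUL-terminate buf at the declared length only when it is in bounds. */
static int terminate_payload(char *buf, size_t buf_size,
                             const unsigned char hdr[4])
{
    int len = checked_len(hdr, buf_size);
    if (len < 0)
        return -1;
    buf[len] = '\0';
    return len;
}

int main(void)
{
    char buf[PKT_BUF_SIZE];
    printf("telnet bytes decode to %d\n", (int)decode_len(TELNET_INTR));
    printf("telnet -> %d\n", terminate_payload(buf, sizeof buf, TELNET_INTR));
    printf("valid  -> %d\n", terminate_payload(buf, sizeof buf, VALID_HDR));
    printf("1024   -> %d\n", terminate_payload(buf, sizeof buf, HUGE_HDR));
    return 0;
}
```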