Full Disclosure mailing list archives
[serg () mysql com: Re: MySQL 3.23.54a can be crased with a exploit for 3.23.53]
From: Len Rose <len () netsys com>
Date: Tue, 21 Jan 2003 10:39:22 -0500
----- Forwarded message from Sergei Golubchik <serg () mysql com> ----- Mailing-List: contact mysql-help () lists mysql com; run by ezmlm (http://www.ezmlm.org) List-ID: <mysql.mysql.com> Precedence: bulk List-Help: <mailto:mysql-help () lists mysql com> List-Unsubscribe: <mailto:mysql-unsubscribe-len=netsys.com () lists mysql com> List-Post: <mailto:mysql () lists mysql com> List-Subscribe: <mailto:mysql-subscribe () lists mysql com> Delivered-To: mailing list mysql () lists mysql com Date: Tue, 21 Jan 2003 16:19:42 +0100 From: Sergei Golubchik <serg () mysql com> To: Dennis Kruyt <d.kruyt () zx nl> Cc: bugtraq () securityfocus com, bugs () lists mysql com, mysql () lists mysql com Subject: Re: MySQL 3.23.54a can be crased with a exploit for 3.23.53 Mail-Followup-To: Dennis Kruyt <d.kruyt () zx nl>, bugtraq () securityfocus com, bugs () lists mysql com, mysql () lists mysql com In-Reply-To: <1A231876B7149843A53D220337C84A0009DA85 () exchange-test office zx nl> User-Agent: Mutt/1.5.1i Hi! On Jan 21, Dennis Kruyt wrote:
Hi, When I try the hoagie_mysql exploit from http://void.at/releases.html on a 3.23.54a MySQL server (witch sould be safe) then i can crash the database with this. How did I do it? I start hoagie_mysql with a valid db user (not root). Then press ctrl-c (abort) and start the tool again. Now the tool has reported that the attack has failed. But the MySQL db is restarted if i look in the error log and some normal connectie to the database then will fail. I have tried it on several server with success.
You should've contacted us (using security () mysql com) first so we'd be able to release fixed version :( Anyway, this is fixed. 3.23.55 will be released soon. For impatients, there's our bk tree, available publicaly Thanks for bugreport. Regards, Sergei -- MySQL Development Team __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg () mysql com> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/ /_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany <___/ --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <mysql-thread130516 () lists mysql com> To unsubscribe, e-mail <mysql-unsubscribe-len=netsys.com () lists mysql com> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php ----- End forwarded message ----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [serg () mysql com: Re: MySQL 3.23.54a can be crased with a exploit for 3.23.53] Len Rose (Jan 21)