Vulnerability Development mailing list archives

mysqld buffer overflow exploit development


From: rpc <h () ckz org>
Date: Fri, 19 Jan 2001 11:02:49 GMT

Guys,

After the specifics of the mysqld exploit were released to bugtraq, I began
working on an exploit for linux.  Has anyone confirmed that this is actually
exploitable?

Granted I've only been hacking away at it for 15 minutes, but it seems there's
a pretty strict character limitation. Can't jump into libc (no 0x40) nor the
stack (no 0xbf).

I was able to make it return into 0x80 space, but I don't know if there will be
anything useful that's addressable.

--rpc
