Hi!

On Mar 20, Scott Fagg wrote:
> Works for mysql 3.23.32 running as root.
>
> I used:
>
> mysql -u root ../../../../tmp
> create table yikes(w int(4));
>
> This created /tmp/yikes.*
>
>
> >>> "Pavlov, Lesha" <[EMAIL PROTECTED]> 19/3/01 4:32:37 am >>>
> Anybody who gets login and password to mysql can use it as DoS or r00t
> exploit because mysql accepts '../blah-blah' as valid database name and
> each table is represented by 3 files tablename.ISD, tablename.ISM and
> tablename.frm, but when mysqld checks whether the table already exists or
> not, it checks _only_ tablename.frm :

Sorry for the confusion - in my previous mail I told 3.23 is not vulnerable.
Yes, it IS vulnerable, the bug would be fixed asap.

Regards,
Sergei

--
MySQL Development Team
Sergei Golubchik <[EMAIL PROTECTED]>
MySQL AB, http://www.mysql.com/
Osnabrueck, Germany
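
The two checks the thread implies are missing, as an added example that is not part of the original mail and is not MySQL's own code or its eventual fix: reject any database or table name that is not a single path component, and treat a table as existing if any of its three files is present rather than only the `.frm`. The function names, the data directory layout `datadir/db/table.ext` and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: accept a name only if it is a single path
 * component (non-empty, not "." or "..", no path separators). */
int db_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (const char *p = name; *p != '\0'; p++)
        if (*p == '/' || *p == '\\')
            return 0;
    return 1;
}

/* Hypothetical helper: returns 1 if ANY of the table's three files
 * exists under datadir/db, 0 if none does, and -1 if a name is
 * unsafe or the resulting path would be truncated. */
int table_files_present(const char *datadir, const char *db,
                        const char *table)
{
    static const char *ext[] = { ".frm", ".ISD", ".ISM" };
    char path[1024];

    if (!db_name_is_safe(db) || !db_name_is_safe(table))
        return -1;
    for (size_t i = 0; i < sizeof ext / sizeof ext[0]; i++) {
        int n = snprintf(path, sizeof path, "%s/%s/%s%s",
                         datadir, db, table, ext[i]);
        if (n < 0 || (size_t)n >= sizeof path)
            return -1;
        if (access(path, F_OK) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: the name from the report and a normal one. */
    printf("%d\n", db_name_is_safe("../../../../tmp"));
    printf("%d\n", db_name_is_safe("test"));
    printf("%d\n", table_files_present("/var/lib/mysql",
                                       "../../../../tmp", "yikes"));
    return 0;
}
```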
