Hello.
Thank you for your contribution, but this issue has already been
discussed on this list (see the archive) and a fix is available (since
3.23.21).
Bye,
Benjamin.
On Fri, Feb 02, 2001 at 01:23:26AM +0300, [EMAIL PROTECTED] wrote:
> >From Beyond-Security's SecuriTeam.com(The information has been provided by Tharbad):
>
> A security vulnerability in MySQL, a database management system, has been
>discovered. This vulnerability allows remote attackers to crash by issuing a SELECT
>statement containing a large amount of characters. This crash is due to a buffer
>overflow, and may enable the attacker to execute arbitrary code. The attacker would
>need access to MySQL's query engine to exploit this, e.g. a valid username/password,
>or an interface from which he can enter SQL select statements.
>
> Vulnerable systems:
> MySQL version prior to 3.23.31
>
> Immune systems:
> MySQL version 3.23.31 and above
>
> Example:
> (You need a valid login/password to exploit this.)
>
> # mysql -p -e 'select a.'`perl -e'printf("A"x130)'`'.b'
> Enter password:
> (hanged..^C)
>
> Alternatively, the following method will work without requiring a password:
> # mysql -u --execute=
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
