<http://isc.sans.org/diary.html?storyid=7900> http://isc.sans.org/diary.html?storyid=7900
Possible new MySQL 0day Published: 2010-01-06, Last Updated: 2010-01-06 21:46:51 UTC by Toby Kohlenberg (Version: 1) <http://intevydis.com/> Intevydis has published a flash video showing what appears to be a new 0day exploit against MySQL 5.x. The <http://intevydis.com/mysql_demo.html> demo (http://intevydis.com/mysql_demo.html )is for a new exploit included in their VulnDisco exploit pack for <http://www.immunitysec.com/products-canvas.shtml> CANVAS. The demo shows as running against 5.0.51a-24+lenny2 but the description appears to be "MySQL 5.x Exploit" which suggests it may work against other versions as well. Current versions for MySQL are 5.1 (recommended) with a 5.5 release available. If anyone has any additional details on this vulnerability we'd love to hear about it.
