I am a little bit confused about this mail. Maybe the author
can explain some issues to me...

On Sat, Feb 10, 2001 at 12:54:33AM -0000, Joao Gouveia wrote:
> roberto@spike:~ > mysql -ublaah (Note: 'blaah' obviously isn't a valid
> username)

You seem to have a strange configuration of mysql. By default only valid
users are allowed to connect to the database. So the overflow in
"drop database" can only be used by users of mysql. Well anyway, a security
problem that can lead to the privileges the mysqld is running under, but
not as simple as you show above.

> /home/jroberto/httpd/mysql/bin/mysql -h`perl -e'printf("A"x200)'`

This is a nice example of bad code, but not a security issue, I could
show up a 100 of programs that simply don't care for *argv parameters.
You don't gain anything by exploiting such overflows in non-suid programs.


Konrad Rieck <[EMAIL PROTECTED]>
Roqefellaz - http://www.r0q.cx, GPG Public Key http://www.r0q.cx/keys/kr.pub
--           Fingerprint: 3AA8 CF92 C179 9760 C3B3  1B43 33B6 9221 AFBF 5897

Reply via email to