On Sat, Feb 10, 2001 at 12:54:33AM -0000, Joao Gouveia wrote:
> Hi,
>
> MySql staff has been notified regarding these issues on 2001-01-26.
>
> There still are some potential security flaws with MySql's latest stable
> release.
> Here follow some tests I've made, all with:
>
> MySql v3.23.32
> PHP v4.0.4pl1 (static)
> apache-1.3.14
And my results on:
1. MySQL v3.23.31
Slackware-7.1 (glibc-2.1.3)
2. MySQL v3.23.31
Slackware-3.4 (libc5 + gcc-2.95.2)
> Problem 1.
<cut>
> mysql> drop database
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
> </quote>
<cut>
It seems I'm unable to reproduce this on either 3.4 or 7.1:
mysql> drop database
-> [2048 A's];
ERROR 1102: Incorrect database name
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
> Problem 2.
> -----------
> MySql client that ships with the MySql package has a buffer overflow
> situation on the "host" user supplied input. ( among other parameters, but
> this one can be critical )
>
<cut>
> /home/jroberto/httpd/mysql/bin/mysql -h`perl -e'printf("A"x200)'`
>
> Program received signal SIGSEGV, Segmentation fault.
<cut>
mysql -h`perl -e'printf("A"x200)'`
Segmentation fault
This one works on 3.4 as well as on 7.1.
--
=- --rw------- =--=--=--=--=--=--=--=--=--=--=--=--=--=
Theodor Milkov Administrator IP Networks
Davidov Electric Ltd. Phone: +359 (2) 730158
PGP: http://www.zimage.delbg.com/zimage.asc
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
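The crash in Problem 2 is the classic shape of an unchecked copy of a command-line argument into a fixed-size buffer. The following is an added illustration, not code from the thread or from the MySQL client: an unsafe hostname setter beside a bounded one that rejects the 200-byte argument instead of overflowing. HOST_MAX, struct client_opts and the function names are assumptions made for this example.

```c
/* Added example: fixed-size hostname buffer, unchecked copy vs. bounded copy.
 * HOST_MAX and the names below are assumptions for illustration only. */
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64   /* assumed capacity of the hostname buffer */

struct client_opts {
    char host[HOST_MAX];
    unsigned short port;
};

/* Unsafe: strcpy() trusts the length of the -h argument.  A 200-byte
 * argument runs past host[] and corrupts whatever follows it, which is
 * the kind of segfault the thread reports.  Shown for contrast only;
 * it is never called on untrusted input here. */
void set_host_unchecked(struct client_opts *o, const char *arg)
{
    strcpy(o->host, arg);
}

/* Safe: measure first, refuse anything that does not fit together with
 * its terminating NUL, then copy with an explicit length.  Returns 0 on
 * success and -1 when the argument is rejected (host[] is left empty). */
int set_host_checked(struct client_opts *o, const char *arg)
{
    size_t n = strlen(arg);
    if (n == 0 || n >= sizeof o->host) {
        o->host[0] = '\0';
        return -1;
    }
    memcpy(o->host, arg, n + 1);
    return 0;
}

int main(void)
{
    struct client_opts o = { .port = 3306 };
    char big[201];                 /* constructed input: 200 A's, as in the report */
    memset(big, 'A', 200);
    big[200] = '\0';

    int rc = set_host_checked(&o, "db.example.org");
    printf("normal host: rc=%d host='%s'\n", rc, o.host);   /* rc=0 */
    rc = set_host_checked(&o, big);
    printf("200 A's:     rc=%d host='%s'\n", rc, o.host);   /* rc=-1, host empty */
    return 0;
}
```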