Hi Kingcope, MySQL Server exploitable stack based overrun Ver 5.5.19-log for Linux and below (tested with Ver 5.1.53-log for suse-linux-gnu too) unprivileged user (any account (anonymous account?), post auth) as illustrated below the instruction pointer is overwritten with 0x41414141 bug found by Kingcope this will yield a shell as the user 'mysql' when properly exploited
Out of curiosity, is this exploitable when using hardened toolchain settings? Specifically, -D_FORTIFY_SOURCES=2 and -fstack-protector-all? Jeff On Sat, Dec 1, 2012 at 4:26 PM, king cope <isowarez.isowarez.isowa...@googlemail.com> wrote: > (see attachment) > > Cheerio, > Kingcope > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
