[Full-Disclosure] [[email protected]: Re: MySQL 3.23.54a can be crased with a exploit for 3.23.53]

Tue, 21 Jan 2003 08:10:34 -0800 

----- Forwarded message from Sergei Golubchik <[EMAIL PROTECTED]> -----

Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm (http://www.ezmlm.org)
List-ID: <mysql.mysql.com>
Precedence: bulk
List-Help: <mailto:[EMAIL PROTECTED]>
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]>
Delivered-To: mailing list [EMAIL PROTECTED]
Date: Tue, 21 Jan 2003 16:19:42 +0100
From: Sergei Golubchik <[EMAIL PROTECTED]>
To: Dennis Kruyt <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: MySQL 3.23.54a can be crased with a exploit for 3.23.53
Mail-Followup-To: Dennis Kruyt <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.1i

Hi!

On Jan 21, Dennis Kruyt wrote:
> Hi,
> 
> When I try the hoagie_mysql exploit from http://void.at/releases.html
> on a 3.23.54a MySQL server (witch sould be safe) then i can crash the
> database with this.
> 
> How did I do it?
> 
> I start hoagie_mysql with a valid db user (not root). Then press ctrl-c
> (abort) and start the tool again. Now the tool has reported that the
> attack has failed. But the MySQL db is restarted if i look in the error
> log and some normal connectie to the database then will fail. I have
> tried it on several server with success.

You should've contacted us (using [EMAIL PROTECTED]) first
so we'd be able to release fixed version :(

Anyway, this is fixed. 3.23.55 will be released soon.
For impatients, there's our bk tree, available publicaly

Thanks for bugreport.

Regards,
Sergei

-- 
MySQL Development Team
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /   Sergei Golubchik <[EMAIL PROTECTED]>
 / /|_/ / // /\ \/ /_/ / /__  MySQL AB, http://www.mysql.com/
/_/  /_/\_, /___/\___\_\___/  Osnabrueck, Germany
       <___/

---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

----- End forwarded message -----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to