From Beyond-Security's SecuriTeam.com (The information has been provided by Tharbad):
A security vulnerability in MySQL, a database management system, has been discovered.
This vulnerability allows remote attackers to crash MySQL by issuing a SELECT statement
containing a large number of characters. This crash is due to a buffer overflow, and
may enable the attacker to execute arbitrary code. The attacker would need access to
MySQL's query engine to exploit this, e.g. a valid username/password, or an interface
from which he can enter SQL select statements.
Vulnerable systems:
MySQL versions prior to 3.23.31
Immune systems:
MySQL versions 3.23.31 and above
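A defender-side check for the two facts above, added here as an example and not part of the original advisory: it tests a server version string against the 3.23.31 fix and flags SELECT statements whose identifier tokens are abnormally long. The function names, the 64-character threshold and the sample statements are assumptions made for illustration.

```python
import re

FIXED = (3, 23, 31)   # first immune release, per the advisory
MAX_IDENT = 64        # assumption: threshold set to MySQL's 64-character identifier limit

def parse_version(banner):
    """Extract (major, minor, patch) from strings such as '3.23.30-gamma-log'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"unrecognised version string: {banner!r}")
    return tuple(int(part) for part in m.groups())

def is_vulnerable(banner):
    """True when the reported version is prior to 3.23.31."""
    return parse_version(banner) < FIXED

# Quoted string literals are data, not identifiers; blank them before tokenising.
_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\"")
_TOKEN = re.compile(r"`[^`]*`|[A-Za-z0-9_$]+")

def overlong_identifiers(statement, limit=MAX_IDENT):
    """Return the lengths of identifier-like tokens longer than `limit`."""
    stripped = _LITERAL.sub("''", statement)
    names = (tok.strip("`") for tok in _TOKEN.findall(stripped))
    return [len(name) for name in names if len(name) > limit]

def scan(statements):
    """Return (line_number, lengths) for SELECTs carrying over-long identifiers."""
    hits = []
    for number, statement in enumerate(statements, 1):
        if re.match(r"\s*select\b", statement, re.IGNORECASE):
            lengths = overlong_identifiers(statement)
            if lengths:
                hits.append((number, lengths))
    return hits

# Constructed sample statements (not taken from a real log).
SAMPLE = [
    "select id from customers where note = '" + "x" * 200 + "'",
    "select a." + "A" * 130 + ".b",
    "SELECT count(*) FROM orders",
    "insert into audit values (1)",
]

if __name__ == "__main__":
    for banner in ("3.22.32", "3.23.30-gamma", "3.23.31", "4.0.1-alpha"):
        print(banner, "vulnerable" if is_vulnerable(banner) else "immune")
    print(scan(SAMPLE))
```

Long quoted data in the first sample is not flagged because literals are blanked before tokenising; only the unquoted 130-character identifier is reported.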
Example:
(You need a valid login/password to exploit this.)
# mysql -p -e 'select a.'`perl -e'printf("A"x130)'`'.b'
Enter password:
(hanged..^C)
Alternatively, the following method will work without requiring a password:
# mysql -u --execute=