hey christian,

just fyi to keep things fully documented, i've backported the relevant
patches for all 4 CVEs to the woody/3.23 version of mysql.

i've been able to verify that the vulnerabilities exist, and are
exploitable by modifying the posted PoC code from the OP.  i've
also been able to verify that the patch fixes the problem
in the way it's supposed to.

everything is available at:

        http://people.debian.org/~seanius/mysql/woody/

including the following files:

- CVE-2006-0903.pl: basic perl-based exploit.
- CVE-2006-1516_mysql-3.23.c: modified version of OP's PoC.
- CVE-2006-1517.c: modified version of OP's PoC.

and of course:

- mysql_3.23.49-8.15.diff.gz
- mysql_3.23.49-8.15.dsc

i'll see about hacking on the sarge versions tonight.

        sean
