Bugtraq: Re: mSQL vulnerabilities

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: mSQL vulnerabilities

From: davids () SILENCE SECNET COM (David Sacerdote)
Date: Mon, 28 Jul 1997 12:54:33 -0600

It is my understanding that MySQL is based on mSQL.  If this is the case, is
it vulnerable to similar attacks?


Based on preliminary source inspection, I suspect that passwordless
host-based access control can be circumvented in the same way that it can
be with mSQL.  There *appear* to be opportunities for buffer overflows
buried inside many of the bottom-layer functions, but I am unsure whether
some type of bounds checking is happening at a higher layer.  There have
been enough changes to MySQL that I basically have to start tracing
argument passing from scratch.

Further investigation is required.

David Sacerdote
Secure Networks Inc.

By Date By Thread

Current thread:

mSQL vulnerabilities Secure Networks Inc. (Jul 27)
- Re: mSQL vulnerabilities Stacey Son (Jul 28)
- <Possible follow-ups>
- Re: mSQL vulnerabilities David Sacerdote (Jul 28)
- Re: mSQL vulnerabilities David Sacerdote (Jul 29)
  - Re: mSQL vulnerabilities Black Adder (Jul 29)