Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: mSQL vulnerabilities
From: sson () ISERVER COM (Stacey Son)
Date: Mon, 28 Jul 1997 20:29:44 -0600


Hi,

While fixing up all the buffer overrun problems in mSQL here is
another patch to fix the following quick and dirty DOS attack:

        (1) telnet <your_favorite_msql_server> 1114
        (2) type ^C (control C)

I have found this causes the server to dump and go away.

The patch (for version 2.0.1):

*** net.c.orig  Mon Jul 28 14:19:30 1997
--- net.c       Mon Jul 28 14:20:50 1997
***************
*** 120,127 ****
        int     fd;
  {
        u_char   buf[4];
!       int     len,
!               remain,
                offset,
                numBytes;

--- 120,127 ----
        int     fd;
  {
        u_char   buf[4];
!       u_int   len;
!       int     remain,
                offset,
                numBytes;


Regards,

stacey () iserver com
http://www.iserver.com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault