Bugtraq mailing list archives

Re: Some more MySql security issues
From: Konrad Rieck <kr () R0Q CX>
Date: Sun, 11 Feb 2001 00:40:48 +0100

I am a little bit confused about this mail. Maybe the author
can explain some issues to me...

On Sat, Feb 10, 2001 at 12:54:33AM -0000, Joao Gouveia wrote:
> roberto@spike:~ > mysql -ublaah (Note: 'blaah' obviously isn't a valid
> username)

You seem to have a strange configuration of mysql. By default only valid
users are allowed to connect to the database. So the overflow in
"drop database" can only be used by users of mysql. Well anyway, a security
problem that can lead to the privileges the mysqld is running under, but
not as simple as you show above.

> /home/jroberto/httpd/mysql/bin/mysql -h`perl -e'printf("A"x200)'`

This is a nice example of bad code, but not a security issue; I could
show 100 programs that simply don't care about *argv parameters.
You don't gain anything by exploiting such overflows in non-suid programs.

Regards,
Konrad

--
Konrad Rieck <kr () r0q cx>
Roqefellaz - http://www.r0q.cx, GPG Public Key http://www.r0q.cx/keys/kr.pub
--           Fingerprint: 3AA8 CF92 C179 9760 C3B3  1B43 33B6 9221 AFBF 5897
