Re: [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions

["David Litchfield" <davidl () ngssoftware com>]

> Buffer Overflow in MySQL User Defined Functions
> Risk level: LOW
> Credits: This vulnerability was discovered and researched by Reid
> Borsuk of Application Security Inc.

How can this even be marked as low risk? If you're loading a library into 
mysql's address space then you're already executing "arbitrary code". It's 
important that we, as security researchers, don't desensitize the readership 
with pointless "vulnerability" posts otherwise people begin to turn off. 
Sure - you've found some sloppy code in mysql - get it looked at by all 
means but please don't try to create a risk, whether low or not, where there 
really is none.

Cheers,
David "got out of the wrong side of bed this morning" Litchfield 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/