[19157] in bugtraq


Re: Some more MySql security issues

daemon@ATHENA.MIT.EDU (Theodor Milkov)
Mon Feb 12 17:42:24 2001

Message-Id: <20010212114027.B1714@delbg.com>
Date: Mon, 12 Feb 2001 11:40:27 +0200
Reply-To: Theodor Milkov <zimage@DELBG.COM>
From: Theodor Milkov <zimage@DELBG.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <011901c092fc$099be740$0400a8c0@corbusier.org>; from tharbad@KAOTIK.ORG on Sat, Feb 10, 2001 at 12:54:33AM -0000


On Sat, Feb 10, 2001 at 12:54:33AM -0000, Joao Gouveia wrote:
> Hi,
>
> MySql staff has been notified regarding these issues on 2001-01-26.
>
> There still are some potential security flaws with MySql's latest stable
> release.
> Here follow some tests I've made, all with:
>
> MySql v3.23.32
> PHP v4.0.4pl1 (static)
> apache-1.3.14

And my results on:

1. MySQL v3.23.31
   Slackware-7.1 (glibc-2.1.3)

2. MySQL v3.23.31
   Slackware-3.4 (libc5 + gcc-2.95.2)

> Problem 1.
<cut>
> mysql> drop database
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
> </quote>
<cut>

It seems I'm unable to reproduce this on either 3.4 or 7.1:

mysql> drop database
    -> [2048 A's];
ERROR 1102: Incorrect database name 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

> Problem 2.
> -----------
> MySql client that ships with the MySql package has a buffer overflow
> situation on the "host" user supplied input. ( among other parameters, but
> this one can be critical )
>
<cut>
> /home/jroberto/httpd/mysql/bin/mysql -h`perl -e'printf("A"x200)'`
>
> Program received signal SIGSEGV, Segmentation fault.
<cut>

mysql -h`perl -e'printf("A"x200)'`
Segmentation fault

This one works on 3.4 as well as on 7.1.

-- 
        =- --rw------- =--=--=--=--=--=--=--=--=--=--=--=--=
          Theodor Milkov           Administrator IP Networks
          Davidov Electric Ltd.    Phone: +359 (2) 730158
          PGP: http://www.zimage.delbg.com/zimage.asc
        =--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
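An added illustration in C, not MySQL's client code and not from anyone in this thread: a hypothetical `-h` option handler that shows the unchecked-copy pattern behind crashes like the one reproduced above, next to a bounded version that sizes its buffer for the RFC 1035 hostname limit and rejects longer arguments instead of overrunning memory. `client_opts`, `set_host`, `parse_args` and `check_repeated_host` are names invented for this example.

```c
#include <errno.h>
#include <string.h>

#define HOST_MAX 255  /* RFC 1035 upper bound on a full hostname */

struct client_opts { char host[HOST_MAX + 1]; };  /* longest legal name + NUL */

/* Hypothetical "before" pattern (not MySQL's code): the -h value is copied
 * with no length check, so a longer argument overruns host[]. Never called. */
void set_host_unchecked(struct client_opts *opts, const char *arg)
{
    strcpy(opts->host, arg);
}

/* Hardened form: measure first, reject what cannot be a hostname, then copy
 * with an explicit bound. Returns 0, EINVAL (empty) or ENAMETOOLONG. */
int set_host(struct client_opts *opts, const char *arg)
{
    size_t len = strnlen(arg, HOST_MAX + 1);
    if (len == 0) return EINVAL;
    if (len > HOST_MAX) return ENAMETOOLONG;
    memcpy(opts->host, arg, len);
    opts->host[len] = '\0';
    return 0;
}

/* Minimal argv walk accepting both "-h HOST" and "-hHOST". */
int parse_args(int argc, char **argv, struct client_opts *opts)
{
    opts->host[0] = '\0';
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], "-h", 2) != 0) continue;
        const char *val = argv[i][2] ? argv[i] + 2 : (i + 1 < argc ? argv[++i] : NULL);
        if (val == NULL) return EINVAL;
        int rc = set_host(opts, val);
        if (rc != 0) return rc;
    }
    return 0;
}

/* Mirrors the posted probe (n 'A's after -h) and returns set_host's code. */
int check_repeated_host(size_t n)
{
    static char buf[4096];
    struct client_opts opts;
    if (n >= sizeof buf) return ERANGE;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return set_host(&opts, buf);
}
```

With the hardened handler the 200-character probe from the thread is simply accepted as a (syntactically) legal name, anything past 255 characters is refused with ENAMETOOLONG, and no input length can reach past the buffer.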

