[5034] in bugtraq

Re: mSQL vulnerabilities

daemon@ATHENA.MIT.EDU (David Sacerdote)
Mon Jul 28 16:29:05 1997

Date: 	Mon, 28 Jul 1997 12:54:33 -0600
Reply-To: David Sacerdote <davids@SILENCE.SECNET.COM>
From: David Sacerdote <davids@SILENCE.SECNET.COM>
X-To:         Trevor Schroeder <tschroed@cheetah.wsc.edu>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.ULT.3.96.970728130832.11400J-100000@cheetah.wsc.edu>

> It is my understanding that MySQL is based on mSQL.  If this is the case, is
> it vulnerable to similar attacks?

Based on preliminary source inspection, I suspect that passwordless
host-based access control can be circumvented in the same way that it can
be with mSQL.  There *appear* to be opportunities for buffer overflows
buried inside many of the bottom-layer functions, but I am unsure whether
some type of bounds checking is happening at a higher layer.  There have
been enough changes to MySQL that I basically have to start tracing
argument passing from scratch.

Further investigation is required.

David Sacerdote
Secure Networks Inc.
