[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions

To: "Team SHATTER" <shatter@xxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Re: [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions
From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
Date: Tue, 9 Aug 2005 01:38:45 +0100

Buffer Overflow in MySQL User Defined Functions
Risk level: LOW
Credits: This vulnerability was discovered and researched by Reid
Borsuk of Application Security Inc.

How can this even be marked as low risk? If you're loading a library into mysql's address space then you're already executing "arbitrary code". It's important that we, as security researchers, don't desensitize the readership with pointless "vulnerability" posts otherwise people begin to turn off. Sure - you've found some sloppy code in mysql - get it looked at by all means but please don't try to create a risk, whether low or not, where there really is none.

Cheers, David "got out of the wrong side of bed this morning" Litchfield

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions
  - From: Team SHATTER

Prev by Date: RE: [Full-disclosure] Port scanner for Windows CE
Next by Date: [Full-disclosure] List Charter
Previous by thread: [Full-disclosure] [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions
Next by thread: [Full-disclosure] [AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions
Index(es):
- Date
- Thread