Home Home   Your IP: 54.159.71.232 Forum [Blog]

-: Exploits - Bugs - Vulnerabilities :-


Pre-Auth Buffer Overflow in MySQL through yaSSL

Description:
quoting http://securityvulns.com/Sdocument794.html

"
From: Luigi Auriemma (aluigi_(at)_autistici.org)
Date: 04.01.2008
Subject: Pre-auth buffer-overflow in mySQL through yaSSL

The following is a proof-of-concept for testing the buffer-overflow which affects yaSSL <= 1.7.5 on mySQL servers, any version, included the latest 6.0.3:

http://aluigi.org/poc/mysqlo.zip
The vulnerability is exploitable before authentication so the only requirements for testing it are the usage of SSL on the server and naturally having an IP address with access to the database.

By default mySQL uses yaSSL (1.6.0) for avoiding licences conflicts, anyway if the test server has been compiled with specific OpenSSL support it is NOT vulnerable.

---
Luigi Auriemma
http://aluigi.org
"

How to repeat:
see http://aluigi.org/poc/mysqlo.zip






































© 2014 Insecure Lab, India                               Affiliates | Contact