[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Pre-auth buffer-overflow in mySQL through yaSSL

To: bugtraq@xxxxxxxxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, news@xxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx, packet@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Pre-auth buffer-overflow in mySQL through yaSSL
From: Luigi Auriemma <aluigi@xxxxxxxxxxxxx>
Date: Fri, 4 Jan 2008 18:54:45 +0100

The following is a proof-of-concept for testing the buffer-overflow
which affects yaSSL <= 1.7.5 on mySQL servers, any version, included the
latest 6.0.3:

  http://aluigi.org/poc/mysqlo.zip

The vulnerability is exploitable before authentication so the only
requirements for testing it are the usage of SSL on the server and
naturally having an IP address with access to the database.

By default mySQL uses yaSSL (1.6.0) for avoiding licences conflicts,
anyway if the test server has been compiled with specific OpenSSL
support it is NOT vulnerable.


--- 
Luigi Auriemma
http://aluigi.org

Prev by Date: Some DoS in some telnet servers
Next by Date: Re: FortiGuard: URL Filtering Application Bypass Vulnerability
Previous by thread: Some DoS in some telnet servers
Next by thread: iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability
Index(es):
- Date
- Thread