List:General Discussion« Previous MessageNext Message »
From:Daevid Vincent Date:January 6 2010 10:47pm
Subject:Possible new MySQL 0day
View as plain text  
 <http://isc.sans.org/diary.html?storyid=7900>
http://isc.sans.org/diary.html?storyid=7900

Possible new MySQL 0day
Published: 2010-01-06,
Last Updated: 2010-01-06 21:46:51 UTC
by Toby Kohlenberg (Version: 1)



 <http://intevydis.com/> Intevydis has published a flash video showing what
appears to be a new 0day exploit against MySQL 5.x. The
<http://intevydis.com/mysql_demo.html> demo
(http://intevydis.com/mysql_demo.html )is for a new exploit included in
their VulnDisco exploit pack for
<http://www.immunitysec.com/products-canvas.shtml> CANVAS. The demo shows
as running against 5.0.51a-24+lenny2 but the description appears to be
"MySQL 5.x Exploit" which suggests it may work against other versions as
well. Current versions for MySQL are 5.1 (recommended) with a 5.5 release
available. If anyone has any additional details on this vulnerability we'd
love to hear about it. 


Thread
Possible new MySQL 0dayDaevid Vincent6 Jan
  • Re: Possible new MySQL 0dayHassan Schroeder6 Jan