From: Daevid Vincent
Date: January 6 2010 10:47pm
Subject: Possible new MySQL 0day
List-Archive: http://lists.mysql.com/mysql/220116
Message-Id: <7FD9F1138D7D408295CA3D87EBBA4459@mascorp.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_03DF_01CA8EDF.3E875C30"

------=_NextPart_000_03DF_01CA8EDF.3E875C30
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

 <http://isc.sans.org/diary.html?storyid=7900>
http://isc.sans.org/diary.html?storyid=7900

Possible new MySQL 0day
Published: 2010-01-06,
Last Updated: 2010-01-06 21:46:51 UTC
by Toby Kohlenberg (Version: 1)



 <http://intevydis.com/> Intevydis has published a flash video showing what
appears to be a new 0day exploit against MySQL 5.x. The
<http://intevydis.com/mysql_demo.html> demo
(http://intevydis.com/mysql_demo.html )is for a new exploit included in
their VulnDisco exploit pack for
<http://www.immunitysec.com/products-canvas.shtml> CANVAS. The demo shows
as running against 5.0.51a-24+lenny2 but the description appears to be
"MySQL 5.x Exploit" which suggests it may work against other versions as
well. Current versions for MySQL are 5.1 (recommended) with a 5.5 release
available. If anyone has any additional details on this vulnerability we'd
love to hear about it. 


------=_NextPart_000_03DF_01CA8EDF.3E875C30--