Bugtraq mailing list archives
Re: mSQL vulnerabilities
From: davids () SILENCE SECNET COM (David Sacerdote)
Date: Mon, 28 Jul 1997 12:54:33 -0600
It is my understanding that MySQL is based on mSQL. If this is the case, is it vulnerable to similar attacks?
Based on preliminary source inspection, I suspect that passwordless host-based access control can be circumvented in the same way that it can be with mSQL. There *appear* to be opportunities for buffer overflows buried inside many of the bottom-layer functions, but I am unsure whether some type of bounds checking is happening at a higher layer. There have been enough changes to MySQL that I basically have to start tracing argument passing from scratch. Further investigation is required. David Sacerdote Secure Networks Inc.
Current thread:
- mSQL vulnerabilities Secure Networks Inc. (Jul 27)
- Re: mSQL vulnerabilities Stacey Son (Jul 28)
- <Possible follow-ups>
- Re: mSQL vulnerabilities David Sacerdote (Jul 28)
- Re: mSQL vulnerabilities David Sacerdote (Jul 29)
- Re: mSQL vulnerabilities Black Adder (Jul 29)