Possible new MySQL 0day

------=_NextPart_000_03DF_01CA8EDF.3E875C30
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit


http://isc.sans.org/diary.html?storyid=7900

Possible new MySQL 0day
Published: 2010-01-06,
Last Updated: 2010-01-06 21:46:51 UTC
by Toby Kohlenberg (Version: 1)



Intevydis has published a flash video showing what
appears to be a new 0day exploit against MySQL 5.x. The
demo
(http://intevydis.com/mysql_demo.html )is for a new exploit included in
their VulnDisco exploit pack for
CANVAS. The demo shows
as running against 5.0.51a-24+lenny2 but the description appears to be
"MySQL 5.x Exploit" which suggests it may work against other versions as
well. Current versions for MySQL are 5.1 (recommended) with a 5.5 release
available. If anyone has any additional details on this vulnerability we'd
love to hear about it.


------=_NextPart_000_03DF_01CA8EDF.3E875C30--

Re: Possible new MySQL 0day

On Wed, Jan 6, 2010 at 5:47 PM, Daevid Vincent wrote:

> =A0 Intevydis has published a flash video showing =
what
> appears to be a new 0day exploit against MySQL 5.x.

Gah. Is there a text description available that doesn't require sitting
through some #%#$ video?

--=20
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
twitter: @hassan

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=3Dgcdmg-mysql-2@m.gmane.o rg