Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: Possible new MySQL 0day SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Possible new MySQL 0day

Intevydis published a flash video on Monday showing what appears to be a new 0day exploit against MySQL 5.x. The demo (http://intevydis.com/mysql_demo.html ) is for a recent exploit included in their VulnDisco exploit pack for CANVAS as of Aug 2009. The demo shows as running against 5.0.51a-24+lenny2 but the description appears to be "MySQL 5.x Exploit" which suggests it may work against other versions as well. Current versions for MySQL are 5.1 (recommended) with a 5.5 release available.

If anyone has any additional details on this vulnerability we'd love to hear about it.

Toby

68 Posts
Jan 6th 2010

Sign Up for Free or Log In to start participating in the conversation!