Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Possible new MySQL 0day - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Possible new MySQL 0day

Intevydis published a flash video on Monday showing what appears to be a new 0day exploit against MySQL 5.x. The demo (http://intevydis.com/mysql_demo.html ) is for a recent exploit included in their VulnDisco exploit pack for CANVAS as of Aug 2009. The demo shows as running against 5.0.51a-24+lenny2 but the description appears to be "MySQL 5.x Exploit" which suggests it may work against other versions as well. Current versions for MySQL are 5.1 (recommended) with a 5.5 release available.

If anyone has any additional details on this vulnerability we'd love to hear about it.

Toby

68 Posts

Sign Up for Free or Log In to start participating in the conversation!