Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Possible new MySQL 0day - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Possible new MySQL 0day

Intevydis published a flash video on Monday showing what appears to be a new 0day exploit against MySQL 5.x. The demo ( ) is for a recent exploit included in their VulnDisco exploit pack for CANVAS as of Aug 2009. The demo shows as running against 5.0.51a-24+lenny2 but the description appears to be "MySQL 5.x Exploit" which suggests it may work against other versions as well. Current versions for MySQL are 5.1 (recommended) with a 5.5 release available.

If anyone has any additional details on this vulnerability we'd love to hear about it.


68 Posts
Jan 6th 2010

Sign Up for Free or Log In to start participating in the conversation!