Hi! Today I discovered the exploit for mSQL: http://www.insecure.org/sploits/mSQL.overflow.and.hostnamespoof.html and found little remark in same place: "MySQL is also probably vulnerable". MySQL is not vulnerable for this exploit because MySQL doesn't have any code from mSQL. This can be confusing excerpt in out manual: "We once started off with the intention of using mSQL to connect to our tables using our own fast low-level (ISAM) routines. However, after some testing we came to the conclusion that mSQL was not fast enough or flexible enough for our needs. This resulted in a new SQL interface to our database but with almost the same API interface as mSQL. This API was chosen to ease porting of third-party code. " But this means we used MySQL uses mSQL-like API but not code. -- +----------------------------------------------------------------+ | TcX ____ __ _____ _____ ___ | | /*/\*\/\*\ /*/ \*\ /*/ \*\ |*| Tõnu Samuel | | /*/ /*/ /*/ \*\_ |*| |*||*| tonuat_private | | /*/ /*/ /*/\*\/*/ \*\|*| |*||*| Tallinn, Estonia | | /*/ /*/ /*/\*\_/*/ \*\_/*/ |*|____ | | ^^^^^^^^^^^^/*/^^^^^^^^^^^\*\^^^^^^^^^^^ | | /*/ \*\ Developers Team | +----------------------------------------------------------------+
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:01 PDT