MySQL Server exploitable stack based overrun
Ver 5.5.19-log for Linux and below (tested with Ver 5.1.53-log for suse-linux-gnu too)
unprivileged user (any account (anonymous account?), post auth)
as illustrated below the instruction pointer is overwritten with 0x41414141
bug found by Kingcope
this will yield a shell as the user 'mysql' when properly exploited
This user has also posted a number of other zero-day exploits in the last few days:
2 comments
[ 772 ms ] story [ 93.2 ms ] threadhttp://seclists.org/fulldisclosure/2012/Dec/5
http://seclists.org/fulldisclosure/2012/Dec/6
http://seclists.org/fulldisclosure/2012/Dec/7
http://seclists.org/fulldisclosure/2012/Dec/8
http://seclists.org/fulldisclosure/2012/Dec/9
http://seclists.org/fulldisclosure/2012/Dec/58