2 comments

[ 772 ms ] story [ 93.2 ms ] thread
From the attached file in the link:

    MySQL Server exploitable stack based overrun
    Ver 5.5.19-log for Linux and below (tested with Ver 5.1.53-log for suse-linux-gnu too)
    unprivileged user (any account (anonymous account?), post auth)
    as illustrated below the instruction pointer is overwritten with 0x41414141
    bug found by Kingcope
    this will yield a shell as the user 'mysql' when properly exploited
This user has also posted a number of other zero-day exploits in the last few days:

http://seclists.org/fulldisclosure/2012/Dec/5

http://seclists.org/fulldisclosure/2012/Dec/6

http://seclists.org/fulldisclosure/2012/Dec/7

http://seclists.org/fulldisclosure/2012/Dec/8

http://seclists.org/fulldisclosure/2012/Dec/9

http://seclists.org/fulldisclosure/2012/Dec/58

This is why we have firewalls, right? If you're leaving your 3306 port flapping in the breeze, you're already hacked. It's just a matter of when.