Buffer Overflow in MySQL

Posted by Hemos on Sunday September 14, 2003 @11:47PM from the upgrade-ya-schlubs dept.

maedls.at writes "Here is a short description of the Vulnerability:Passwords of MySQL users are stored in the "User" table, part of the "mysql" database, specifically in the "Password" field. In MySQL 4.0.x and 3.23.x, these passwords are hashed and stored as a 16 characters long hexadecimal value, specifically in the "Password" field. Unfortunately, a function involved in password checking misses correct bounds checking. By filling a "Password" field a value wider than 16 characters, a buffer overflow will occur. For details and proof of concept see: http://lists.netsys.com/pipermail/full-disclosure/ 2003-September/009819.html"

1 of 43 comments (clear)

Min score:

Reason:

Sort:

Password problems? by Silverblade · 2003-09-15 05:02 · Score: 0, Troll

This problem is going to make it easier for hackers to get into programs all together now. For all those people who are, you have a major oppurtunity here. But for those who aren't you can't even have a password that is 128 bit encryption anymore. That isn't even good enough. Maybe a 512 bit would help but knowing the "Hacker" age now?! Good luck protecting your computer now