• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MySQL Mysql_real_connect Function Potential Remote Buffer Overflow Vulnerability

MySQL is prone to a potential remote buffer overflow vulnerability. This issue occurs due to insufficient boundary checks performed by the 'mysql_real_connect' function.

The 'mysql_real_connect' function does not verify the length of the IP address returned through a DNS response from a server. Immediate consequences of an attack may result in a denial of service condition. It is conjectured that this issue could allow for arbitrary code execution, however, this has not been confirmed.

It is also reported that the glibc library verifies the length of an IP address, however, other libraries may obtain the length from a DNS response packet. Computers using glibc on Linux and BSD platforms may not be vulnerable to this issue.