MySQL Forums

CVE-2005-0709
Posted by: zainabspam
Date: April 30, 2006 09:17AM

Hi,
I know it's for an outdated version of MySQL, but CVE-2005-0709 details a vulnerability that takes advantage of the UDF features and uses libc to get some shellcode executed. I'm relatively new to MySQL and one of the steps involved makes no sense to me.

mysql> select on_exit(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
->,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)\G
...
mysql> select strcat(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
->,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)\G
*************************** 1. row ***************************
strcat(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0): 1
1 row in set (0.00 sec)
mysql> select exit();

What I don't understand is why there are so many params passed to on_exit and strcat (and one for exit()) instead of the two/one params as suggested by:

char *strcat(char *dest, const char * src);
int on_exit(void (* function)(int , void *), void *arg);
void exit(int status );

Also, what is the significance of the -> symbol here? Doesn't it normally allow a field to be accessed in a result set?

If anybody could help I'd be very grateful, as I have to finish a report on it by Friday and I'm at a dead end!

Cheers
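
Added example, not part of the original post: a small audit that parses batch-mode output of the mysql.func table and flags UDF registrations that point at the C runtime or reuse the libc names called in the session above. The sample rows are constructed, and the runtime-library pattern and the helper names parse_func_table and audit are assumptions made for illustration.

```python
import posixpath
import re

# Function names the post calls through SQL; all three are libc symbols.
LIBC_SYMBOLS = {"on_exit", "strcat", "exit"}
# Assumed pattern: shared objects that belong to the C runtime, not to a UDF package.
RUNTIME_LIB = re.compile(r"^(lib(c|m|dl|pthread)|ld-linux[\w-]*)\.so(\.\d+)*$")

# Constructed sample: tab-separated output of
#   mysql -B -e "SELECT name, ret, dl, type FROM mysql.func"
SAMPLE = (
    "name\tret\tdl\ttype\n"
    "on_exit\t2\tlibc.so.6\tfunction\n"
    "strcat\t0\t/lib/libc.so.6\tfunction\n"
    "metaphon\t0\tudf_example.so\tfunction\n"
    "exit\t2\tlibc.so.6\tfunction\n"
)


def parse_func_table(text):
    """Turn batch-mode output into a list of dicts keyed by column name."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    return [dict(zip(header, ln.split("\t"))) for ln in lines[1:]]


def audit(rows):
    """Return (name, dl, reasons) for every UDF registration worth reviewing."""
    findings = []
    for row in rows:
        reasons = []
        dl = row["dl"]
        if RUNTIME_LIB.match(posixpath.basename(dl)):
            reasons.append("library is part of the C runtime")
        if "/" in dl or "\\" in dl:
            reasons.append("library given with a path")
        if row["name"].lower() in LIBC_SYMBOLS:
            reasons.append("name matches a libc symbol")
        if reasons:
            findings.append((row["name"], dl, reasons))
    return findings


if __name__ == "__main__":
    for name, dl, reasons in audit(parse_func_table(SAMPLE)):
        print(f"{name} -> {dl}: {'; '.join(reasons)}")
```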
