Hi

On 2005-10-02 sean finney wrote:
> after having spent more time looking at this bug, i'm once again
> unconvinced that there is a problem.  the original poster in the ubuntu
> bts said:
...
> > Received reply:
> > 00000000
> > Received OK reply, authentication successful!!
> 
> notice that the reply is empty.  this is because the mysql server has
> already closed the connection and the read call on the socket in the
> perl script returns 0 bytes.

I forwarded this comment to the Ubuntu BTS in the hope that the original
reporter who wrote this little Perl script can provide a better exploit:
https://bugzilla.ubuntu.com/show_bug.cgi?id=16205

If not, I leave it to the Security Team to decide if we issue a DSA for this
as I neither prove nor deny that this is a security hole.

bye,

-christian-

