Date: Thu, 13 Jan 2000 10:18:27 -0500
From: Tonu Samuel <[email protected]>
To: [email protected]Subject: mSQL and not MySQL exploit
Hi!
Today I discovered the exploit for mSQL:
http://www.insecure.org/sploits/mSQL.overflow.and.hostnamespoof.html
and found little remark in same place: "MySQL is also probably
vulnerable".
MySQL is not vulnerable for this exploit because MySQL doesn't have any
code from mSQL. This can be confusing excerpt in out manual:
"We once started off with the intention of using mSQL to connect to our
tables using our own fast low-level (ISAM) routines. However, after some
testing we came to the
conclusion that mSQL was not fast enough or flexible enough for our
needs. This resulted in a new SQL interface to our database but with
almost the same API interface
as mSQL. This API was chosen to ease porting of third-party code. "
But this means we used MySQL uses mSQL-like API but not code.
--
+----------------------------------------------------------------+
| TcX ____ __ _____ _____ ___ |
| /*/\*\/\*\ /*/ \*\ /*/ \*\ |*| TУnu Samuel |
| /*/ /*/ /*/ \*\_ |*| |*||*| [email protected] |
| /*/ /*/ /*/\*\/*/ \*\|*| |*||*| Tallinn, Estonia |
| /*/ /*/ /*/\*\_/*/ \*\_/*/ |*|____ |
| ^^^^^^^^^^^^/*/^^^^^^^^^^^\*\^^^^^^^^^^^ |
| /*/ \*\ Developers Team |
+----------------------------------------------------------------+
