Gea-Suan Lin's BLOG

Friday, February 24, 2006

MySQL 4.x/5.0 安全問題

MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit,還看到 cvs tag…:

/*  * $Id: raptor_udf2.c,v 1.1 2006/01/18 17:58:54 raptor Exp $  *  * raptor_udf2.c - dynamic library for do_system() MySQL UDF  * Copyright (c) 2006 Marco Ivaldi <raptor@0xdeadbeef.info>  *  * This is an helper dynamic library for local privilege escalation through  * MySQL run with root privileges (very bad idea!), slightly modified to work  * with newer versions of the open-source database. Tested on MySQL 4.1.14.