[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Implementation of CoreST mysql vulnerability?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Implementation of CoreST mysql vulnerability?
From: Brendan Dolan-Gavitt <mooyix@xxxxxxxxx>
Date: Wed, 18 May 2005 14:05:26 -0500

Hi,
   I've recently been looking at CoreLabs' paper on the weak
challenge/response mechanism in MySQL v3.23 and below
(http://www1.corest.com/corelabs/projects/protocol_design_flaws/mysql.pdf).
They mention that there is an implementation of the attack in Python
and Smalltalk that can be found on their website, but I haven't been
able to unearth it if it's there at all. Does anyone have a copy or
know where it might be found?

Thanks,
  Brendan Dolan-Gavitt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Next by Date: [Full-disclosure] UnixWare 7.1.4 : Updated mozilla fixes many security issues
Previous by thread: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Next by thread: [Full-disclosure] UnixWare 7.1.4 : Updated mozilla fixes many security issues
Index(es):
- Date
- Thread