Qualys announced they had found an exploit in one of the Linux core libraries – glibc – using a buffer overflow technique in gethostbyname(). They have developed a proof-of-concept in which simply sending a specially created e-mail to a mail server enabled them to create a remote shell to the Linux machine. According to Qualys, “This bypasses all existing protections (like ASLR, PIE and NX) on both 32-bit and 64-bit systems.”. How does it affect MySQL servers? Read on!
The vulnerable library call provides DNS name resolution …[Read more...]