[Dailydave] MySQL 5.5.20 0day

Alex McGeorge alexm at immunityinc.com
Thu Feb 23 16:22:49 EST 2012


List,

Who doesn't love a practical example? There's been some hype and fuss on
the internet recently about the exploit market [1]. And while I disagree
with a few points made in that article, it has led me to have some
pretty good conversations on some of the ethical considerations of
buying and selling exploits. I've noted a lot of folks fall back to the
"exploits are like guns" analogy which works pretty well as long as you
don't push it too far. Dave's RSA talk of course takes issue with
calling exploits cyber weapons which works against that analogy. There's
a lot of room for discussion, the challenge is making it productive.

So here's our practical example. Our friends over at Intevydis have
released VulnDisco Professional 9.17 which contains a remote pre-auth
0day for MySQL 5.5.20. You can purchase access to that Intevydis CANVAS
module by sending email to admin at immunityinc.com and requesting a quote.
There's a release announcement on the CANVAS list [2] but most of the
good information can be found in the short movie we did here:
http://partners.immunityinc.com/movies/VD-MySQL-5_5_20.mov

Cheers,
-AlexM

[1]
http://www.zdnet.com/blog/security/0-day-exploit-middlemen-are-cowboys-ticking-bomb/10294
[2]
https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html

-- 
Alex McGeorge
Immunity Inc.
1130 Washington Avenue 8th Floor
Miami Beach, Florida 33139
P: 786.220.0600


