CVE-2017-3599 PoC — Oracle MySQL Server 安全漏洞

Source

Associated Vulnerability

Title:Oracle MySQL Server 安全漏洞 (CVE-2017-3599)
Description:Oracle MySQL Server是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。该数据库系统具有性能高、成本低、可靠性好等特点。 Oracle MySQL中的MySQL Server组件的Server: Pluggable Auth子组件存在安全漏洞。攻击者可利用该漏洞造成服务器拒绝服务（挂起和频繁崩溃），影响数据的可用性。以下版本受到影响：Oracle MySQL 5.6.35及之前的版本，5.7.17及之前的版本。

Description

A tool to crash MySQL servers with CVE-2017-3599

Readme

### This tool crashes vulnerable MySQL servers using [CVE-2017-3599](https://nvd.nist.gov/vuln/detail/CVE-2017-3599), a remote integer overflow when parsing login credentials.
## It can be downloaded [here](https://github.com/jptr218/mysql_dos/raw/main/mysql_dos.exe) (you will need to run it from the command line)
### Usage:

### `mysql_dos [target] [port]`

File Snapshot


 [4.0K]  /data/pocs/a33b151d153b4f4fe919cd3d48843b903e2f8fbf
├── [ 68K]  mysql_dos.exe
├── [ 360]  README.md
└── [4.0K]  src
    ├── [ 518]  hdr.h
    ├── [ 903]  main.cpp
    ├── [ 988]  misc.cpp
    └── [ 487]  mysql.cpp

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!