SecurityTeam US
 
 Monday, February 06 2012 @ 12:25 PM EST

MySQL MS-DOS Device Names Denial of Service Vulnerability

   
Luca Ercoli has reported a vulnerability in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused by an error in the handling of reserved MS-DOS device names. This can be exploited to cause a crash by changing to a database with a specially crafted name.

Example: use LPT1;

Successful exploitation requires global privileges (on *.*) for any of the following commands:
* REFERENCES
* CREATE TEMPORARY TABLES
* GRANT OPTION
* CREATE
* SELECT

The vulnerability has been reported in versions 4.0.x and 4.1.x for Windows.

SOFTWARE:
MySQL 4.x

SOLUTION:
Grant global privileges (*.*) only to trusted users.
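
One way to apply the solution above is to review which accounts hold any of the listed privileges at the global (*.*) level. The following Python is an added example, not part of the original advisory; it parses SHOW GRANTS output, and the account names and grant lines in it are constructed sample data.

```python
import re

# Global privileges the advisory lists as sufficient for exploitation.
RISKY = {"REFERENCES", "CREATE TEMPORARY TABLES", "GRANT OPTION",
         "CREATE", "SELECT"}

# One SHOW GRANTS line: privilege list, object, grantee, trailing options.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+"
    r"(?P<user>'[^']*'@'[^']*')(?P<rest>.*)$",
    re.IGNORECASE,
)

def risky_global_privs(grant_line):
    """Return (grantee, advisory-listed privileges held on *.*) or None."""
    m = GRANT_RE.match(grant_line.strip().rstrip(";"))
    if not m or m.group("obj").replace("`", "") != "*.*":
        return None  # unparsable line, or a database/table-level grant
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    if "ALL PRIVILEGES" in privs or "ALL" in privs:
        # ALL covers every listed privilege except GRANT OPTION.
        privs = RISKY - {"GRANT OPTION"}
    if re.search(r"WITH\s+GRANT\s+OPTION", m.group("rest"), re.IGNORECASE):
        privs.add("GRANT OPTION")
    return m.group("user"), privs & RISKY

def audit(grant_lines):
    """Map each grantee to the listed privileges it holds globally."""
    findings = {}
    for line in grant_lines:
        hit = risky_global_privs(line)
        if hit and hit[1]:
            findings.setdefault(hit[0], set()).update(hit[1])
    return findings

# Constructed SHOW GRANTS output (accounts are made up for this example).
SAMPLE = [
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT USAGE ON *.* TO 'web'@'10.0.0.%' IDENTIFIED BY PASSWORD '<hash>'",
    "GRANT SELECT, INSERT ON `shop`.* TO 'web'@'10.0.0.%'",
    "GRANT SELECT, CREATE TEMPORARY TABLES ON *.* TO 'report'@'%'",
]

if __name__ == "__main__":
    for user, privs in sorted(audit(SAMPLE).items()):
        print(user, "->", ", ".join(sorted(privs)))
```

Accounts that appear in the result and are not fully trusted are candidates for having the grant narrowed from *.* to specific databases.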

PROVIDED AND/OR DISCOVERED BY:
Luca Ercoli

ORIGINAL ADVISORY:
http://bugs.mysql.com/bug.php?id=9148

VERIFY ADVISORY:
http://secunia.com/advisories/14564/

Secunia Security Advisories

 
