Luca Ercoli has reported a vulnerability in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the handling of reserved MS-DOS device names. This can be exploited to cause a crash by changing to a database with a specially crafted name.
Example: use LPT1;
Successful exploitation requires global privileges (on *.*) for any of the following commands:
* REFERENCES
* CREATE TEMPORARY TABLES
* GRANT OPTION
* CREATE
* SELECT
The vulnerability has been reported in versions 4.0.x and 4.1.x for Windows.
SOFTWARE:
MySQL 4.x
SOLUTION:
Grant only global privileges (*.*) to trusted users.
PROVIDED AND/OR DISCOVERED BY:
Luca Ercoli
ORIGINAL ADVISORY:
http://bugs.mysql.com/bug.php?id=9148
VERIFY ADVISORY:
http://secunia.com/advisories/14564/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050314114408404