Tuesday, August 3, 2010

Oracle MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability

0
in

#########################################
#A vulnerability was reported in MySQL. A remote authenticated user can cause denial #of service conditions.
####################################################################################
#This issue affects versions prior to MySQL 5.1.48.
####################################################################################
#A remote authenticated user can send a specially crafted ALTER DATABASE command to #cause the target server to move a data directory into a new subdirectory, causing the #data directory to become unusable.#
####################################################################################
#A demonstration exploit request is provided [where "" is "." or ".." or is a #sequence that begins with "./" or "../"]:
###################################################################################
#ALTER DATABASE `#mysql50#` UPGRADE DATA DIRECTORY NAME
###################################################################################
Vendor advisory at:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html

0 comments:

Post a Comment

About Me

My photo
Блог за истражување и развој на информациска безбедност, кој е наменет за постирање на најнови ранливости и слабости. Founder darknessn1k0!4

 
Design by ThemeShift | Bloggerized by Lasantha - Free Blogger Templates | Best Web Hosting