In association with heise online

12 March 2007, 11:26

New version of MySQL fixes DoS vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Version 5.0.37 of the widely used open source SQL database MySQL includes fixes for numerous bugs as well as for various potential vulnerabilities, which could have been exploited by attackers to crash the database. According to security services provider SEC-CONSULT, a single SQL command containing a prepared ORDER-BY statement was sufficient to cause this.

In order to crash the system an attacker would have to be able to pass the command to the database interface directly – however numerous web applications include SQL injection vulnerabilities with which this can be done, using, for example, manipulated user entries. Further information on vulnerabilities in web applications and how to avoid them can be found in the article Web application security on heise Security.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit