Bugtraq mailing list archives
Re: Trivial mSQL/MySQL DoS method?
From: nigelr () NELGIN RSN HP COM (Nigel Reed)
Date: Thu, 26 Mar 1998 14:17:23 -0600
Confirmed with 2.0.1 under HPUX 10.20 and NetBSD 1.3.

If I keep repeatedly opening telnet sessions, it will make msqladmin hang, although once a telnet session times out, then it will carry on as normal. I don't have 2.0.3 but I expect it will be similar - thanks for the heads up on this one. I'll pass it on to the author (who doesn't appear to be doing much these days so I doubt there will be a speedy fix).

Regards
Nigel

It seems that if one wants to bring a website that relies heavily on mSQL or MySQL to its knees, simply telnet to the port the server listens on (1112 for mSQL or 3333 for MySQL) and then just sit there, forget about it.

Nothing on the server will be able to query any of the databases. The admin shutdown or reload commands will hang, etc. As long as someone keeps the null connection open to the SQL server's port, the only way to resume database operations is to kill the parent process and restart the daemon.

This seems to work regardless of what's in the acl files or tables. A site using mod_auth_msql or mod_auth_mysql would be especially inconvenienced.

-mark

---
Mark Jeftovic aka: mark jeff or vic, stunt pope. markjr () shmOOze net http://www.shmOOze.net/~markjr
Private World's BOFH http://www.PrivateWorld.com irc: L-bOMb Keep `em Guessing

-- Nigel Reed Please do NOT send me MIME email. I will only read TEXT based email. MIME will be unread and deleted Consultant Work: 972 497 4877 Home Email: nigel () nelgin nu Hewlett Packard HPSD, 3000 Waterview Parkway, Richardson, Tx, 75080 ANTI SPAM FILTER IN USE :: REMOVE SPAM-ME-NOT IF REPLYING TO NEWSGROUP MESSAGE
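
The thread does not say why one idle connection stalls every other client. Assuming the daemon waits without limit for the new connection's first bytes, putting a deadline on that read is one mitigation. The C below is an added example, not code from mSQL, MySQL or either poster; `read_with_deadline` and the 200 ms value are hypothetical, and the socket pair is constructed test input.

```c
/* Added example: bounded wait for a client's first bytes, so a silent
 * connection cannot stall a server that handles one client at a time. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Read up to len bytes from fd, waiting at most timeout_ms for data.
 * Returns bytes read (>0), 0 if the peer closed, -1 on error,
 * -2 if the client stayed silent past the deadline. */
ssize_t read_with_deadline(int fd, void *buf, size_t len, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int rc;

    do {
        rc = poll(&p, 1, timeout_ms);     /* wait for readable data or timeout */
    } while (rc < 0 && errno == EINTR);   /* a signal restarts the wait */

    if (rc == 0)
        return -2;                        /* idle client: caller should close() it */
    if (rc < 0)
        return -1;
    return read(fd, buf, len);            /* data, EOF or socket error */
}

/* Demo on a constructed socket pair: sv[0] plays the server side,
 * sv[1] a client that connects and at first sends nothing. */
int main(void)
{
    int sv[2];
    char buf[64];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    printf("silent client  -> %zd\n", read_with_deadline(sv[0], buf, sizeof buf, 200));
    if (write(sv[1], "hello", 5) != 5)
        return 1;
    printf("talking client -> %zd\n", read_with_deadline(sv[0], buf, sizeof buf, 200));
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```

A server would call this right after `accept()` and close the descriptor on a `-2` return, then go back to accepting other clients.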