Oracle MySQL - 'ALTER DATABASE' Remote Denial of Service

EDB-ID:

14537


Type:

dos


Platform:

Multiple

Date:

2010-08-03


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

A vulnerability was reported in MySQL. A remote authenticated user can cause denial of service conditions.

This issue affects versions prior to MySQL 5.1.48. 

A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.

A demonstration exploit request is provided [where "<special>" is "." or ".." or is a sequence that begins with "./" or "../"]:

ALTER DATABASE `#mysql50#<special>` UPGRADE DATA DIRECTORY NAME

Vendor advisory at:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html