A set of exploits for MySQL has appeared on the Internet

Posted: December 3, 2012 in IT Security News, Security Notices


Exploits for MySQL

The tools use unpatched vulnerabilities in the database management system.

A number of exploits for vulnerabilities in the MySQL database management system (DBMS), versions 5.1.x and 5.5.x, have been published on Full Disclosure. An anonymous user posting under the pseudonym ‘Kingcope’ also released several tools that exploit vulnerabilities in other software products, such as FreeSSHd, freeFTPd, IBM System Director and SSH Tectia.

Of the five exploits designed for MySQL, two allow a remote attacker to cause a denial of service and also to check whether a user name exists. Successful exploitation of the other three vulnerabilities requires an account in the database. In that case, a remote attacker could escalate privileges to DBA and execute arbitrary commands on the system.

Two exploits work on Windows, and three are for Linux-based systems. According to ‘Kingcope’, all the tools were tested with the latest versions of the MySQL packages in Debian Lenny, SUSE and openSUSE.

We encourage our readers to restrict access to MySQL to trusted hosts only.
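
One way to check that recommendation against a server, as an added example that is not part of the original post: the script flags a `[mysqld]` section that listens on all interfaces and accounts whose host is a wildcard, a DNS name, or outside a trusted network. The sample `my.cnf`, the account rows and the `10.0.5.0/24` trusted network are constructed assumptions.

```python
import configparser
import ipaddress

# Constructed sample inputs (not taken from the post or from a real server).
SAMPLE_MY_CNF = """
[mysqld]
port = 3306
bind-address = 0.0.0.0
"""
# Rows as returned by: SELECT user, host FROM mysql.user;
SAMPLE_ACCOUNTS = [("root", "localhost"), ("app", "10.0.5.%"),
                   ("report", "%"), ("backup", "10.0.5.20")]
# Assumption: the network that counts as "trusted hosts" for this server.
TRUSTED_NETS = [ipaddress.ip_network("10.0.5.0/24")]


def classify_host(host, trusted_nets=TRUSTED_NETS):
    """Classify the host part of a MySQL account (user@host)."""
    if host in ("localhost", "127.0.0.1", "::1"):
        return "local"
    if "%" in host or "_" in host:      # MySQL host-pattern wildcards
        return "wildcard"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"               # DNS name: review by hand
    return "trusted" if any(ip in net for net in trusted_nets) else "untrusted"


def audit(cnf_text, accounts):
    """Return findings for a my.cnf text and (user, host) account rows."""
    findings = []
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(cnf_text)
    opts = {}
    if cp.has_section("mysqld"):
        opts = {k.replace("_", "-"): v for k, v in cp.items("mysqld")}
    # Without bind-address, mysqld 5.1/5.5 listens on every interface.
    if "skip-networking" not in opts and \
            opts.get("bind-address") in (None, "0.0.0.0", "::", "*"):
        findings.append("listener: TCP port reachable on all interfaces")
    for user, host in accounts:
        kind = classify_host(host)
        if kind not in ("local", "trusted"):
            findings.append(f"account {user}@{host}: {kind} host")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_MY_CNF, SAMPLE_ACCOUNTS):
        print(line)
```

Each finding is a candidate for tightening: bind the listener to a specific internal address and replace wildcard hosts with the exact addresses of the clients that need access.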
